Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

reset user lockout by sending a reset account link using asp net identity 2.1

Tags:

c#

asp.net-identity

asp.net-mvc-5

I have an ASP MVC project in which I want to send an unlock account lockout link to the user's email after the user gets lockout.I use asp net identity 2.1 in my project. What i could possibly do is to lock the account for a period of 30 minutes using asp identity. After this time the account gets unlocked. I tried to send email to the user which contains a reset link. The link calls a method which has the following code.

[AllowAnonymous]
public async Task<ActionResult> UnlockAccount(string userId)
{
    await UserManager.ResetAccessFailedCountAsync(userId);
    return RedirectToAction("Login");
}

But after this still my account is locked for the time period of 30 minutes which i setup in IdentityConfig.cs. Is this possible in asp net identity.

like image 443
Noxious Reptile Avatar asked Oct 23 '15 06:10

Noxious Reptile

Video Answer

2 Answers

I know this is old but it's worth an answer as I've just been wondering the same myself...

The AccessFailedCount doesn't matter - the only thing locking the user out is the LockoutEndDateUtc. If the current UTC datetime is before the LockoutEndDateUtc then you won't be able to gain entry.

It's simple enough to reset though:

await UserManager.SetLockoutEndDateAsync(userId, new DateTimeOffset(DateTime.UtcNow));

You can set the DateTimeOffset to anything you want as long as it's before the current DateTimeUTC, in my example I use DateTime.UtcNow as it gives the added benefit of knowing when the account was unlocked.

When the user eventually logs in again the AccessFailedCount will be reset to 0, so you don't need to worry about resetting that.

like image 171
Percy Avatar answered Nov 10 '22 01:11

Percy

I thought I'd add an answer based on two of the comments above, as combined they seem to provide the best solution to this. I have a form in which I show a reCAPTCHA once the user is locked out, and clear the lockout if they submit the correct password along with a valid reCAPTCHA. The method I use to do the reset is below:

private async Task ResetLockoutIfPasswordCorrect(string username, string password)
{
    var user = await _userManager.FindByNameAsync(username);
    if (await _userManager.CheckPasswordAsync(user, password))
    {
        await _userManager.ResetAccessFailedCountAsync(user);
        await _userManager.SetLockoutEndDateAsync(user, null);
    }
}

As I say, I do guard this method with reCAPTCHA.

like image 30
Martin Owen Avatar answered Nov 10 '22 01:11

Martin Owen
Sign in to Comment

Related questions

DllImport or LoadLibrary for best performance
Shake form on screen
Can unsafe code in C# cause memory corruption?
How to create reusable control in ASP.NET MVC
Every iteration of every “foreach” loop generated 24 Bytes of garbage memory?
Convert DateTime To JSON DateTime
How to render link with css class with Sitecore Glass Mapper
C# - How to handle XAML Keyboard in MVVM?
Casting of int array into double array in immediate window?
How to set background image in Windows Phone 8?
C# LinkedResource using base64 string
retrieve the value selected in optionset field and display ita value in a text field [closed]
How do I pass a 'null' action
Detect if a generic type is open?
How to know which controller method will be called from Web API Authorization filter
List(T).ForEach is not defined using Xamarin
Using Generic Repository and Stored Procedures
Can't run program because it asks me to attach on process
The requested address is not valid in its context when I try to listen a port
can I pass a custom property to NLOG and output to file?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!