I have an ASP MVC project in which I want to send an unlock-account link to the user's email after the user gets locked out. I use asp net identity 2.1 in my project. What I could possibly do is to lock the account for a period of 30 minutes using asp identity. After this time the account gets unlocked. I tried to send an email to the user which contains a reset link. The link calls a method which has the following code.
[AllowAnonymous]
public async Task<ActionResult> UnlockAccount(string userId)
{
    await UserManager.ResetAccessFailedCountAsync(userId);
    return RedirectToAction("Login");
}
But after this my account is still locked for the time period of 30 minutes which I set up in IdentityConfig.cs. Is this possible in asp net identity?
I know this is old but it's worth an answer as I've just been wondering the same myself...
The AccessFailedCount doesn't matter - the only thing locking the user out is the LockoutEndDateUtc. If the current UTC datetime is before the LockoutEndDateUtc then you won't be able to gain entry.
It's simple enough to reset though:
await UserManager.SetLockoutEndDateAsync(userId, new DateTimeOffset(DateTime.UtcNow));
You can set the DateTimeOffset to anything you want as long as it's before the current DateTimeUTC; in my example I use DateTime.UtcNow as it gives the added benefit of knowing when the account was unlocked.
When the user eventually logs in again the AccessFailedCount will be reset to 0, so you don't need to worry about resetting that.
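A token-bound version of the emailed unlock link, as an added example that is not part of the original question or answers. It assumes the default MVC template's ApplicationUserManager with a UserTokenProvider configured; the controller name and the purpose string are made up for illustration.

```csharp
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

public class AccountUnlockController : Controller
{
    // Purpose string binds the token to this one action (hypothetical name).
    private const string UnlockPurpose = "UnlockAccount";

    // ApplicationUserManager: assumed to be the class from the template's IdentityConfig.cs.
    private ApplicationUserManager UserManager =>
        HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

    // Call this when the lockout is detected; the result is the link placed in the email.
    private async Task<string> BuildUnlockLinkAsync(string userId)
    {
        string token = await UserManager.GenerateUserTokenAsync(UnlockPurpose, userId);
        return Url.Action("UnlockAccount", "AccountUnlock",
            new { userId, token }, Request.Url.Scheme);
    }

    [AllowAnonymous]
    public async Task<ActionResult> UnlockAccount(string userId, string token)
    {
        // Same response for every failure, so the endpoint does not reveal which ids exist.
        // FindByIdAsync runs first because VerifyUserTokenAsync throws for an unknown id.
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(token)
            || await UserManager.FindByIdAsync(userId) == null
            || !await UserManager.VerifyUserTokenAsync(userId, UnlockPurpose, token))
        {
            return RedirectToAction("Login");
        }

        // Lockout is decided by LockoutEndDateUtc, so move it to "now" and clear the counter.
        await UserManager.SetLockoutEndDateAsync(userId, new DateTimeOffset(DateTime.UtcNow));
        await UserManager.ResetAccessFailedCountAsync(userId);

        // Rotating the security stamp makes the emailed token single-use.
        await UserManager.UpdateSecurityStampAsync(userId);
        return RedirectToAction("Login");
    }
}
```

Rotating the security stamp also invalidates any other outstanding tokens issued for that user.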
I thought I'd add an answer based on two of the comments above, as combined they seem to provide the best solution to this. I have a form in which I show a reCAPTCHA once the user is locked out, and clear the lockout if they submit the correct password along with a valid reCAPTCHA. The method I use to do the reset is below:
private async Task ResetLockoutIfPasswordCorrect(string username, string password)
{
    var user = await _userManager.FindByNameAsync(username);
    if (await _userManager.CheckPasswordAsync(user, password))
    {
        await _userManager.ResetAccessFailedCountAsync(user);
        await _userManager.SetLockoutEndDateAsync(user, null);
    }
}
As I say, I do guard this method with reCAPTCHA.