4

In Simple Membership Provider we could do something like below to track number of invalid attempt of login .

WebSecurity.IsAccountLockedOut(userName, allowedPasswordAttempts, intervalInSeconds)

This is not Supported in ASP NET Identity (http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity)

I am trying to Display ReCaptcha on Invalid Login Attempt after around 5 login attempt. I cannot find any example around from ASP NET Identity MVC 5. any help?

Improve this question

2 Answers 2

Reset to default
1

Try changing GrantResourceOwnerCredentials method inside ApplicationOAuthProvider.cs to this:

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        T user = await _userManager.FindAsync(context.UserName, context.Password);

        if (user == null)
        {
            if (((int) HttpContext.Current.Session["Tries"]) >= 5)
            {
                context.SetError("maximum_tries", "You tried too many times");
                return;
            }
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            HttpContext.Current.Session["Tries"] = ((int)HttpContext.Current.Session["Tries"]) + 1;
            return;
        }

        ClaimsIdentity oAuthIdentity = await _userManager.CreateIdentityAsync(user,
            context.Options.AuthenticationType);
        var ticket = new AuthenticationTicket(oAuthIdentity, GenerareProperties(user));
        context.Validated(ticket);

        ClaimsIdentity cookiesIdentity = await _userManager.CreateIdentityAsync(user,
            CookieAuthenticationDefaults.AuthenticationType);
        context.Request.Context.Authentication.SignIn(cookiesIdentity);

        HttpContext.Current.Session["Tries"] = 0;
    }

Simply I used session to track how many times user wrote invalid password. If the session value equals to 5 then we displaying another message.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

i don;t even see this file ApplicationOAuthProvider.cs in the MVC5 template. i this a new file i need to create?
@JustinHomes Can you show me your Startup.Auth.cs (in App_Start folder) and AccountController.cs?
I don't seem to be able to access HttpContext.Current.Session in this function, is there something extra you need to do to allow this?
1

The latest version of ASP.NET Identity: 2.0.0-beta1 has been recently revealed and two new classes named UserManager and UserStore used by the ASP.NET Identity.

You can get the introduction of ASP.NET Identity from the following link:

http://www.c-sharpcorner.com/UploadFile/4b0136/getting-started-with-Asp-Net-identity-in-visual-studio-2013/

If you want to apply the register and login through the use of ASP.NET Identiy, the following links are helpful:

http://www.c-sharpcorner.com/UploadFile/4b0136/working-with-mvc-using-Asp-Net-identity-2-0-0-beta1/

http://www.c-sharpcorner.com/UploadFile/4b0136/working-with-new-Asp-Net-identity-2-0-0-in-Asp-Net-applicati/

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.