AccountController: Lockout configured in 2 places false in one place and true in another?
Opened this issue · 0 comments
winecraft commented
Hi,
Is the account controller still valid? Another question on the lockout and SigninManager
... can you explain if this is still relevant... or what role is it playing here.
- Inside the `public class ApplicationUserManager : UserManager<ApplicationUser, string>` ...

```csharp
// Configure user lockout defaults
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(5);
manager.MaxFailedAccessAttemptsBeforeLockout = 5;
```
- but in another section it is set to `false` below...

```csharp
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    // This doesn't count login failures towards lockout only two factor authentication
    // To enable password failures to trigger lockout, change to shouldLockout: true
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false); // False here?
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}
```
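Added example, not part of the original post or of the project's code: a simplified, self-contained model of how the manager's lockout policy and the `shouldLockout` argument interact, following the comment in the `Login` action above. `LockoutModel`, `PasswordSignIn` and `Demo` are hypothetical names, and the decision order is an assumption about the sign-in flow, not the library's source.

```csharp
using System;

// Simplified model (assumption, not the ASP.NET Identity source).
class LockoutModel
{
    // Policy values, matching the ApplicationUserManager settings in the post.
    const bool UserLockoutEnabledByDefault = true;
    static readonly TimeSpan DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(5);
    const int MaxFailedAccessAttemptsBeforeLockout = 5;

    // Per-user state for one constructed sample user.
    bool lockoutEnabled = UserLockoutEnabledByDefault; // copied when the user is created
    int accessFailedCount;
    DateTimeOffset lockoutEnd = DateTimeOffset.MinValue;

    bool IsLockedOut(DateTimeOffset now) => lockoutEnabled && lockoutEnd > now;

    // Returns the name of the resulting sign-in status.
    public string PasswordSignIn(bool passwordCorrect, bool shouldLockout, DateTimeOffset now)
    {
        if (IsLockedOut(now)) return "LockedOut";
        if (passwordCorrect) { accessFailedCount = 0; return "Success"; }
        if (shouldLockout)
        {
            // Only this branch counts the failed password against the policy.
            if (++accessFailedCount >= MaxFailedAccessAttemptsBeforeLockout)
            {
                lockoutEnd = now + DefaultAccountLockoutTimeSpan;
                accessFailedCount = 0;
            }
            if (IsLockedOut(now)) return "LockedOut";
        }
        return "Failure";
    }
}

static class Demo
{
    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        foreach (var shouldLockout in new[] { false, true })
        {
            var user = new LockoutModel();
            var last = "";
            for (int i = 0; i < 10; i++) last = user.PasswordSignIn(false, shouldLockout, now);
            Console.WriteLine($"shouldLockout={shouldLockout}: 10 wrong passwords -> {last}");
        }
    }
}
```

In this model the manager settings define the policy, while `shouldLockout` decides whether a failed password is counted against it, so with `shouldLockout: false` repeated wrong passwords never reach the lockout threshold.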