C# 用户登录限制:15分钟内错误登录次数不超过3次

思路:

1,通用配置(错误次数与间隔时间)可以修改,不需要发布代码

2,用户登录错误次数>=设定的错误次数时,判断是否仍在间隔时间内;若仍在间隔时间内,则不再累加错误次数,直接弹出提示

3,间隔时间外错误次数清0

4,用户名不存在时,按客户端IP记录并判断错误次数(流程与“用户名存在但密码错误”相同;不要直接把IP加入黑名单,可能存在误判的情况)

5, 用户登录密码错误时 错误次数累加 与 时间记录

6,登录成功,错误次数清0

上代码

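 /// <summary>
 /// Verifies a username/password pair and enforces the failed-login throttle.
 /// Known accounts are throttled per account; unknown (or organisation-less)
 /// accounts are throttled per client IP as reported by <c>Net.Ip</c>.
 /// </summary>
 /// <param name="username">Login name passed to <c>service.CheckLogin</c>.</param>
 /// <param name="password">Plain-text password supplied by the client.</param>
 /// <returns>The user entity, updated with visit statistics, on successful login.</returns>
 /// <exception cref="Exception">
 /// Thrown for every failure: disabled account, throttled account or IP,
 /// wrong password, or unknown account.
 /// </exception>
 public UserEntity CheckLogin(string username, string password)
        {
            UserEntity userEntity = service.CheckLogin(username);
            // Threshold and window (minutes) come from configuration so they can be tuned without a release.
            // NOTE(review): confirm what the project's ToInt() returns for a missing or non-numeric key;
            // a value of 0 here would change how the checks below behave.
            var errorCount = Config.GetValue("ErrorCount").ToInt();
            var errorTime = Config.GetValue("ErrorTime").ToInt();
            // Read the clock once so every comparison and every stored timestamp in this call agree.
            // Local time is kept because previously stored ErrorTime values were written with DateTime.Now.
            DateTime now = DateTime.Now;

            if (userEntity != null && userEntity.OrganizeId != "")
            {
                if (userEntity.EnabledMark != 1)
                {
                    throw new Exception("账户名被系统锁定,请联系管理员!");
                }

                bool userWindowOpen = IsWithinErrorWindow(userEntity.ErrorTime, errorTime, now);
                if (userEntity.ErrorCount != null && userEntity.ErrorCount >= errorCount)
                {
                    if (userWindowOpen)
                    {
                        // Still throttled: reject before the password is even evaluated.
                        throw new Exception("您已经连续" + errorCount + "次输入密码错误,请" + errorTime + "分钟之后再次重试!");
                    }

                    // The throttle window has passed: clear the counter and persist it.
                    userEntity.ErrorCount = 0;
                    service.SaveForm(userEntity.UserId, userEntity);
                }

                // NOTE(review): the stored credential is MD5 over a DES-encrypted, lower-cased password.
                // Lower-casing discards case entropy and MD5 is not a password-hashing function; moving to
                // PBKDF2/bcrypt/Argon2 requires migrating stored values, so it is flagged here, not changed.
                // The == comparison below is also not constant-time.
                string dbPassword = Md5Helper.MD5(DESEncrypt.Encrypt(password.ToLower(), userEntity.Secretkey).ToLower(), 32).ToLower();
                if (dbPassword == userEntity.Password)
                {
                    // Successful login clears the failure counter.
                    userEntity.ErrorCount = 0;

                    int logOnCount = (userEntity.LogOnCount).ToInt() + 1;
                    if (userEntity.LastVisit != null)
                    {
                        userEntity.PreviousVisit = userEntity.LastVisit.ToDate();
                    }
                    userEntity.LastVisit = now;
                    userEntity.LogOnCount = logOnCount;
                    userEntity.UserOnLine = 1;

                    service.UpdateEntity(userEntity);
                    return userEntity;
                }

                // Wrong password. Failures older than the window no longer count, so the limit really is
                // "errorCount failures within errorTime minutes" rather than a lifetime total that only a
                // successful login could clear.
                int previousFailures = userWindowOpen
                    ? (userEntity.ErrorCount == null ? 0 : userEntity.ErrorCount).ToInt()
                    : 0;
                // NOTE(review): this read-modify-write is not atomic; parallel requests can each read the
                // same count and together exceed the limit. An atomic increment in the data layer closes that.
                userEntity.ErrorCount = previousFailures + 1;
                userEntity.ErrorTime = now;
                service.UpdateEntity(userEntity);
                // NOTE(review): this message differs from the unknown-account message below, which tells a
                // caller whether the username exists; the throttle and disabled-account messages do the same.
                throw new Exception("密码和账户名不匹配!");
            }

            // Unknown account (or one without an organisation): throttle by client IP instead.
            // NOTE(review): Net.Ip prefers the X-Forwarded-For request header (see the Ip helpers on this
            // page), so this counter is only meaningful behind a proxy that overwrites that header.
            string clientIp = Net.Ip;
            FilterIPEntity filterIPEntity = filterService.CheckErrorIp(clientIp);
            if (filterIPEntity != null)
            {
                bool ipWindowOpen = IsWithinErrorWindow(filterIPEntity.ErrorTime, errorTime, now);
                if (ipWindowOpen && filterIPEntity.ErrorCount != null && filterIPEntity.ErrorCount >= errorCount)
                {
                    throw new Exception("您已经连续"+errorCount+"次输入账号密码错误,请"+errorTime+"分钟之后再次重试!");
                }

                // Count this attempt. Once the window has passed the counter restarts at 1, matching the
                // per-account path (the attempt that arrives after an expired throttle is itself a failure).
                int previousIpFailures = ipWindowOpen
                    ? (filterIPEntity.ErrorCount == null ? 0 : filterIPEntity.ErrorCount).ToInt()
                    : 0;
                filterIPEntity.ErrorCount = previousIpFailures + 1;
                filterIPEntity.ErrorTime = now;
                filterService.SaveForm(filterIPEntity.FilterIPId, filterIPEntity);
            }
            else
            {
                // First failure seen from this address: create its record.
                filterIPEntity = new FilterIPEntity();
                filterIPEntity.ErrorCount = (filterIPEntity.ErrorCount == null ? 0 : filterIPEntity.ErrorCount).ToInt() + 1;
                filterIPEntity.ErrorTime = now;
                filterIPEntity.ErrorIp = clientIp;
                filterService.SaveForm("", filterIPEntity);
            }

            throw new Exception("账户名或密码错误,请重新输入!");
        }

        /// <summary>
        /// Reports whether the last recorded failure is newer than the throttle window.
        /// </summary>
        /// <param name="lastErrorTime">Stored failure timestamp; a null value converts to DateTime.MinValue.</param>
        /// <param name="windowMinutes">Window length in minutes.</param>
        /// <param name="now">Current time, taken from the same clock as the stored value.</param>
        /// <returns>True when fewer than <paramref name="windowMinutes"/> minutes have elapsed.</returns>
        private static bool IsWithinErrorWindow(object lastErrorTime, int windowMinutes, DateTime now)
        {
            DateTime lastFailure = Convert.ToDateTime(lastErrorTime);
            return now.Subtract(lastFailure).TotalMinutes < windowMinutes;
        }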

代码有些冗余的,自行处理

获取IP代码(注意:下面的实现优先读取 X-Forwarded-For 请求头,该值可由客户端自行设置,只有部署在受信任的反向代理之后时才可作为限流依据)

        /// <summary>
        /// Gets the IP address used to identify the caller: the web client's address
        /// when an HTTP context exists, otherwise this machine's own IPv4 address.
        /// </summary>
        public static string Ip
        {
            get
            {
                string clientIp = HttpContext.Current != null ? GetWebClientIp() : string.Empty;

                // NOTE(review): when the client address comes back empty, the fallback is the
                // server's own address, so all such requests share a single identity. Callers
                // that throttle on this value should be aware of that.
                return clientIp.IsEmpty() ? GetLanIp() : clientIp;
            }
        }

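        /// <summary>
        /// Returns the web client's IPv4 address as reported by <c>GetWebRemoteIp</c>.
        /// </summary>
        /// <returns>
        /// The normalised IPv4 literal, or an empty string when the reported value is
        /// missing, is not an IP literal, or is not IPv4.
        /// </returns>
        private static string GetWebClientIp()
        {
            var reported = GetWebRemoteIp();
            if (string.IsNullOrWhiteSpace(reported))
            {
                return string.Empty;
            }

            // Parse the value instead of passing it to Dns.GetHostAddresses: it can come from the
            // X-Forwarded-For request header, and resolving it would make the server perform DNS
            // lookups for whatever name a client sends (and throw on names that do not resolve).
            // A comma-separated proxy chain is not an IP literal and therefore yields empty.
            IPAddress parsed;
            if (IPAddress.TryParse(reported.Trim(), out parsed) && parsed.AddressFamily == AddressFamily.InterNetwork)
            {
                return parsed.ToString();
            }

            return string.Empty;
        }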

        /// <summary>
        /// Returns the remote address string for the current request: the
        /// HTTP_X_FORWARDED_FOR server variable when present, otherwise REMOTE_ADDR.
        /// </summary>
        private static string GetWebRemoteIp()
        {
            // NOTE(review): X-Forwarded-For is a request header and is taken here without checking
            // that the request arrived through a trusted proxy. When the application is reachable
            // directly, any client can choose this value, so it should not be the sole key for
            // throttling or audit decisions; REMOTE_ADDR is the connection's actual peer.
            var forwardedFor = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
            if (forwardedFor != null)
            {
                return forwardedFor;
            }

            return HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
        }

        /// <summary>
        /// Returns the first IPv4 address that DNS reports for this machine's host name,
        /// or an empty string when there is none.
        /// </summary>
        private static string GetLanIp()
        {
            var localAddresses = Dns.GetHostAddresses(Dns.GetHostName());
            for (var index = 0; index < localAddresses.Length; index++)
            {
                var candidate = localAddresses[index];
                if (candidate.AddressFamily != AddressFamily.InterNetwork)
                {
                    continue;
                }

                return candidate.ToString();
            }

            return string.Empty;
        }