Lockout a user account in ASP.NET Identity

Introduction


To lock out a user account in ASP.NET Identity, we use two user properties: the LockoutEnabled property and the LockoutEndDateUtc property.

LockoutEnabled


The LockoutEnabled property indicates whether lockout is enabled for a user. Setting this property to true does not mean that the user is locked out; it only means that the user can be locked out.

LockoutEndDateUtc


The LockoutEndDateUtc property indicates when the lockout ends. Be careful: any time in the past is treated as not locked out.

Locking out a user


By using these two properties together, you can lock out a user for a specific amount of time.

// Locking out a user for 10 minutes
user.LockoutEnabled = true;
// LockoutEndDateUtc is a nullable DateTime holding a UTC value, so use DateTime.UtcNow
user.LockoutEndDateUtc = DateTime.UtcNow.AddMinutes(10);

In the preceding code, we enable lockout for the user by setting the LockoutEnabled property to true. We then add 10 minutes to the current date and time with the AddMinutes method and assign the result to the LockoutEndDateUtc property. This locks the user out for 10 minutes.

We can also use the SetLockoutEnabled and SetLockoutEndDate methods to modify the values of these properties by passing the id of the user to lock out as a parameter. These methods are called on the UserManager and they return an IdentityResult object.

// Locking out a user for 10 minutes
// Each call returns its own IdentityResult; keep both so either one can be checked
var enableResult = UserManager.SetLockoutEnabled(userId, true);
var endDateResult = UserManager.SetLockoutEndDate(userId, DateTimeOffset.Now.AddMinutes(10));

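To lock out a user indefinitely, or at least until the account is unlocked again, set the lockout end date to the maximum value: DateTime.MaxValue when assigning the LockoutEndDateUtc property directly, DateTimeOffset.MaxValue when calling SetLockoutEndDate.

user.LockoutEnabled = true;
// The property is a nullable DateTime, so use DateTime.MaxValue here
user.LockoutEndDateUtc = DateTime.MaxValue;
// OR
var enableResult = UserManager.SetLockoutEnabled(userId, true);
var endDateResult = UserManager.SetLockoutEndDate(userId, DateTimeOffset.MaxValue);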

Unlocking a user


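To unlock a locked-out user, set the value of the LockoutEnabled property to false. Keep in mind that while this property is false the user cannot be locked out at all. Because any lockout end time in the past counts as not locked out, moving LockoutEndDateUtc into the past also unlocks the user while leaving lockout enabled.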

user.LockoutEnabled = false;
// OR
var result = UserManager.SetLockoutEnabled(userId, false);

Namespaces


To get the UserManager and use the SetLockoutEnabled and SetLockoutEndDate methods, you have to include the following namespaces:

using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
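
The lock and unlock steps described above can be wrapped in a helper that checks every IdentityResult instead of discarding it. This is an added example, not code from the original article or from ASP.NET Identity itself; the names LockoutAdmin, LockAsync, UnlockAsync and Ensure are hypothetical, and it assumes ASP.NET Identity 2 with string user ids.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical helper: LockoutAdmin is not part of ASP.NET Identity.
public static class LockoutAdmin
{
    // Locks the account until now + duration; pass null to lock it indefinitely.
    public static async Task LockAsync<TUser>(
        UserManager<TUser, string> manager, string userId, TimeSpan? duration)
        where TUser : class, IUser<string>
    {
        // Enable lockout before setting the end date, and check each result.
        Ensure(await manager.SetLockoutEnabledAsync(userId, true), "enable lockout");

        DateTimeOffset end = duration.HasValue
            ? DateTimeOffset.UtcNow.Add(duration.Value)
            : DateTimeOffset.MaxValue;
        Ensure(await manager.SetLockoutEndDateAsync(userId, end), "set lockout end date");

        // Confirm the state the caller asked for is the state that was stored.
        if (!await manager.IsLockedOutAsync(userId))
            throw new InvalidOperationException("User " + userId + " is not locked out.");
    }

    // Unlocks by moving the end date into the past, so LockoutEnabled stays
    // true and the account can still be locked out again later.
    public static async Task UnlockAsync<TUser>(
        UserManager<TUser, string> manager, string userId)
        where TUser : class, IUser<string>
    {
        // With lockout disabled the user is not locked out; nothing to do.
        if (!await manager.GetLockoutEnabledAsync(userId))
            return;

        Ensure(await manager.SetLockoutEndDateAsync(
            userId, DateTimeOffset.UtcNow.AddMinutes(-1)), "clear lockout end date");
    }

    // Turns a failed IdentityResult into an exception carrying its error messages.
    private static void Ensure(IdentityResult result, string step)
    {
        if (!result.Succeeded)
            throw new InvalidOperationException(
                "Failed to " + step + ": " + string.Join("; ", result.Errors));
    }
}
```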