Home/ Questions/Q 7162481
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T13:44:31+00:00

I have to implement Your Account is Locked! message for the SqlMembershipProvider in MVC2

  • 0

I have to implement “Your Account is Locked!” message for the SqlMembershipProvider in MVC2 project.

How I can do it?

Basically my code to logon looks like:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
      if (ModelState.IsValid)
      {
                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                     FormsService.SignIn(model.UserName, model.RememberMe);

                     UserProfile profile = UserProfile.GetUserProfile(model.UserName);

                 //.... 
                }
                else
                {
          ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
   }

   return View(model);
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is it just like normal membership?

    MembershipUser user = Membership.GetUser("Username")

if (user != null && user.IsLockedOut)
{
    return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
}

    MSDN: Membership.GetUser(string username)

    Side Note

    The order in which you do authentication is really a Security & UX thing. I’d suggest the following pseudo-code (but I’m no expert):

    public ActionResult LogOn(LogOnModel model)
{
    // Is model valid?
    if (!ModelState.IsValid)
    {
        this.ViewData["LogOnError"] = "Bad Credentials.";
        return this.View(model);
    }

    // Is user valid?
    if(!MembershipService.ValidateUser(model.UserName, model.Password))
    {
        this.ViewData["LogOnError"] = "Wrong Credentials.";
        return this.View(model);
    }

    MembershipUser user = Membership.GetUser(model.UserName);

    // Was the user deleted in the last nano-second?
    if (user == null)
    {
        this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
        return this.View(model);
    }

    // Is user locked out?
    if(user.IsLockedOut)
    {
        this.ViewData["LogOnError"] = "You are locked out.";
        return this.View(model);
    }

    // Sign the user in.
    FormsService.SignIn(model.UserName, model.RememberMe);

    return this.View("LogOnSuccessful");
}
    • 0