bharney / JSStarterDocker

.Net Core 2.1 C# with React Starter Project that provides Identity Authentication and Authorization using JWT. Based on .NET Core JavaScriptServices Spa React + Redux using TypeScript. Additional support available for Docker and ARM Templating. Project uses Key Vault for secrets and EntityFrameworkCore to migrate Identity tables.
https://jsstarter.azurewebsites.net

Add Account Locked out after too many Login Attempts #45

Open bharney opened 6 years ago

bharney commented 6 years ago
ghost commented 5 years ago

What are your initial thoughts on this feature?

I implemented a "user action collection" or table in my starter for this very reason. One problem I can see with this approach is that as the table grows, the query time will increase. Anything older than a week shouldn't really matter for current logins, but it would be useful to have a record that isn't directly queryable for various other reasons, for instance geolocation, IP, device, or different-browser login alerts.

Is it possible to implement a SQL job in Entity Framework that moves anything older than a week into an archive table of sorts? What should the lockout time frame be? And if there is an active user session, i.e. ("someone is trying to hijack this account"), should all existing user sessions be eliminated?
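As an added example (not code from this repository), one way to address the lockout-window and session questions above with the lockout support ASP.NET Core Identity already ships, so the per-request check reads the user row instead of scanning a growing attempt table; the `AppUser` type name and the numeric thresholds are assumptions:

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Assumed user type; the project's own Identity user class is not shown on this page.
public class AppUser : IdentityUser { }

public static class LockoutSetup
{
    // Identity stores AccessFailedCount and LockoutEnd on the user row itself,
    // so lockout state never depends on a history table that must be archived.
    public static void ConfigureLockout(IServiceCollection services)
    {
        services.Configure<IdentityOptions>(options =>
        {
            options.Lockout.AllowedForNewUsers = true;
            options.Lockout.MaxFailedAccessAttempts = 5;                        // assumed threshold
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);  // assumed window
        });
    }
}

public class LoginService
{
    private readonly UserManager<AppUser> _users;
    private readonly SignInManager<AppUser> _signIn;

    public LoginService(UserManager<AppUser> users, SignInManager<AppUser> signIn)
    {
        _users = users;
        _signIn = signIn;
    }

    // Returns true only when the password is correct and the account is not locked.
    // lockoutOnFailure: true makes Identity bump AccessFailedCount on a wrong password
    // and set LockoutEnd once MaxFailedAccessAttempts is reached.
    public async Task<bool> TryLoginAsync(string userName, string password)
    {
        var user = await _users.FindByNameAsync(userName);
        if (user == null) return false; // same answer as a bad password; avoids user enumeration

        var result = await _signIn.CheckPasswordSignInAsync(user, password, lockoutOnFailure: true);
        if (result.IsLockedOut)
        {
            // Terminate existing sessions: rotating the security stamp invalidates cookies
            // checked by Identity's SecurityStampValidator. For this project's JWTs the stamp
            // would have to be carried as a claim and compared on each request.
            await _users.UpdateSecurityStampAsync(user);
            return false;
        }
        return result.Succeeded;
    }
}
```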