Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Will Waggoner 17 posts 38 karma points
    Oct 12, 2010 @ 23:57
    Will Waggoner
    0

    maxInvalidPasswordAttempts not locking user out?

    I'm using a custom MembershipProvider for members that derives from umbraco.providers.members.UmbracoMembershipProvider.  Regardless of what I put in for my maxInvalidPasswordAttempts in the web.config file, a user never gets locked out.  We're using a custom login control, but shouldn't this work regardless of the manner in which the validation on the provider gets called?

  • Tim 1193 posts 2675 karma points MVP 4x c-trib
    Oct 13, 2010 @ 13:26
    Tim
    0

    Have you tried it with the standard provider and login controls? It could be that it doesn't implement that bit of functionality....... Or if it works, it means the problem is with the custom provider/login control.

  • Will Waggoner 17 posts 38 karma points
    Oct 13, 2010 @ 19:21
    Will Waggoner
    0

    Yeah, I've just tested it with the default provider and controls.  No worky.  Can someone point me to where that would be in the database so I can at least see the column?  We have a client that requires the lockout functionality.

  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Oct 13, 2010 @ 21:02
    Dirk De Grave
    0

    I guess it depends on how you've coded the login functionality. Why aren't you using the standard asp.net login controls, they should even work with your custom provider. I'm pretty sure it will be handled out of the box for you. I'd do more extra tests with a asp.net login control and check if this has the same behaviour.

     

    Cheers,

    /Dirk

  • Will Waggoner 17 posts 38 karma points
    Oct 13, 2010 @ 21:08
    Will Waggoner
    0

    I figured it out.  I looked through the 4.5 umbraco source code and the MembershipProvider that's implemented right now does not support the MaxInvalidPasswordAttempts property.  If you look in the database, Members are stored in the cmsMember table, which doesn't have a column for FailedPasswordAttemptCount (see the default membership table structure @ http://msdn.microsoft.com/en-us/library/Aa478948.asp2prvdr0102l%28l=en-us%29.gif) so that's why this doesn't work.  I can fix this so it does, but if I do, what's the policy/process for getting changes to the codebase into the next release?

  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Oct 13, 2010 @ 21:20
    Dirk De Grave
    0

    Will,

    Just had a look at the source and the number of attempts won't be stored in the cmsMember table but in cmsPropertyData table. And my version of the umbraco 4.5 code seems to update the failed attempts as well and lock out the member in case of too many failed attempts.

    I guess a good old debugging session is what is required to find out whether it's a bug?

     

    Cheers,

    /Dirk

     

  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Oct 13, 2010 @ 21:24
    Dirk De Grave
    0

    And in case you do find a bug, you can still create a patch and submit it on Codeplex.

     

    Cheers,

    /Dirk

  • Will Waggoner 17 posts 38 karma points
    Oct 13, 2010 @ 21:24
    Will Waggoner
    0

    Hrmmm, maybe I'm looking in the wrong place then.  I was digging around UsersMembershipProvider, specifically in the ValidateUser method.  Is there somewhere else I should be looking?  Line numbers/FileNames would be awesome!

  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Oct 13, 2010 @ 21:28
    Dirk De Grave
    0

    Oh yeah, UsersMembershipProvider is for the backend, whereas the MembersMembershipProvider is for frontend (File/class lives in same project)

     

    Cheers,

    /Dirk

  • Will Waggoner 17 posts 38 karma points
    Oct 13, 2010 @ 21:31
    Will Waggoner
    0

    Awesome!  Thanks a ton, Dirk!  I am seriously loving Umbraco.

Please Sign in or register to post replies

Write your reply to:

Draft