I'm using a custom MembershipProvider for members that derives from umbraco.providers.members.UmbracoMembershipProvider. Regardless of what I put in for my maxInvalidPasswordAttempts in the web.config file, a user never gets locked out. We're using a custom login control, but shouldn't this work regardless of the manner in which the validation on the provider gets called?
Have you tried it with the standard provider and login controls? It could be that it doesn't implement that bit of functionality....... Or if it works, it means the problem is with the custom provider/login control.
Yeah, I've just tested it with the default provider and controls. No worky. Can someone point me to where that would be in the database so I can at least see the column? We have a client that requires the lockout functionality.
I guess it depends on how you've coded the login functionality. Why aren't you using the standard asp.net login controls, they should even work with your custom provider. I'm pretty sure it will be handled out of the box for you. I'd do more extra tests with a asp.net login control and check if this has the same behaviour.
I figured it out. I looked through the 4.5 umbraco source code and the MembershipProvider that's implemented right now does not support the MaxInvalidPasswordAttempts property. If you look in the database, Members are stored in the cmsMember table, which doesn't have a column for FailedPasswordAttemptCount (see the default membership table structure @ http://msdn.microsoft.com/en-us/library/Aa478948.asp2prvdr0102l%28l=en-us%29.gif) so that's why this doesn't work. I can fix this so it does, but if I do, what's the policy/process for getting changes to the codebase into the next release?
Just had a look at the source and the number of attempts won't be stored in the cmsMember table but in cmsPropertyData table. And my version of the umbraco 4.5 code seems to update the failed attempts as well and lock out the member in case of too many failed attempts.
I guess a good old debugging session is what is required to find out whether it's a bug?
Hrmmm, maybe I'm looking in the wrong place then. I was digging around UsersMembershipProvider, specifically in the ValidateUser method. Is there somewhere else I should be looking? Line numbers/FileNames would be awesome!
maxInvalidPasswordAttempts not locking user out?
I'm using a custom MembershipProvider for members that derives from umbraco.providers.members.UmbracoMembershipProvider. Regardless of what I put in for my maxInvalidPasswordAttempts in the web.config file, a user never gets locked out. We're using a custom login control, but shouldn't this work regardless of the manner in which the validation on the provider gets called?
Have you tried it with the standard provider and login controls? It could be that it doesn't implement that bit of functionality....... Or if it works, it means the problem is with the custom provider/login control.
Yeah, I've just tested it with the default provider and controls. No worky. Can someone point me to where that would be in the database so I can at least see the column? We have a client that requires the lockout functionality.
I guess it depends on how you've coded the login functionality. Why aren't you using the standard asp.net login controls, they should even work with your custom provider. I'm pretty sure it will be handled out of the box for you. I'd do more extra tests with a asp.net login control and check if this has the same behaviour.
Cheers,
/Dirk
I figured it out. I looked through the 4.5 umbraco source code and the MembershipProvider that's implemented right now does not support the MaxInvalidPasswordAttempts property. If you look in the database, Members are stored in the cmsMember table, which doesn't have a column for FailedPasswordAttemptCount (see the default membership table structure @ http://msdn.microsoft.com/en-us/library/Aa478948.asp2prvdr0102l%28l=en-us%29.gif) so that's why this doesn't work. I can fix this so it does, but if I do, what's the policy/process for getting changes to the codebase into the next release?
Will,
Just had a look at the source and the number of attempts won't be stored in the cmsMember table but in cmsPropertyData table. And my version of the umbraco 4.5 code seems to update the failed attempts as well and lock out the member in case of too many failed attempts.
I guess a good old debugging session is what is required to find out whether it's a bug?
Cheers,
/Dirk
And in case you do find a bug, you can still create a patch and submit it on Codeplex.
Cheers,
/Dirk
Hrmmm, maybe I'm looking in the wrong place then. I was digging around UsersMembershipProvider, specifically in the ValidateUser method. Is there somewhere else I should be looking? Line numbers/FileNames would be awesome!
Oh yeah, UsersMembershipProvider is for the backend, whereas the MembersMembershipProvider is for frontend (File/class lives in same project)
Cheers,
/Dirk
Awesome! Thanks a ton, Dirk! I am seriously loving Umbraco.
is working on a reply...