Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Darryl Godden 145 posts 197 karma points
    Mar 29, 2011 @ 11:19
    Darryl Godden
    0

    Membership & Umbraco

    Hi guys,

    I'm looking at locking out users after incorrect password attempts (maxInvalidPasswordAttempts & passwordAttemptWindow from Membership) I believe that the UmbracoMembershipProvider and the UsersMembershipProvider do not provide this facility. I have tried adding those values to them with no effect.

    I have looked over this forum for information about this and noted several forum posts, but I am now more confused than when I started.

    Is, from what I have read is it correct, I will need to install the default ASP.NET Membership provider and use that, negating the ability to use the members section of the Umbraco Admin? Also meaning I would have to create standard custom screens to create/update users, reset users etc...?

    A bit of guidance would be much appreciated.

    Thanks.

  • Daniel Bardi 927 posts 2562 karma points
    Mar 29, 2011 @ 11:38
    Daniel Bardi
    0

    You can build your own membership provider and have it handled within the cms using umbracos ui (no custom form).

    You need to point to your custom provider in the web.config and umbracoSettings.config.

  • Darryl Godden 145 posts 197 karma points
    Mar 30, 2011 @ 10:25
    Darryl Godden
    0

    Hi Daniel,

    Thanks for your response. I have installed the ASP.NET membership database and changed the web.config:

    <membership defaultProvider="AlabamaCustomMembershipProvider" userIsOnlineTimeWindow="15">
                <providers>
                    <clear />
                    <add name="UmbracoMembershipProvider" 
                         type="umbraco.providers.members.UmbracoMembershipProvider" 
                         enablePasswordRetrieval="false" 
                         enablePasswordReset="false" 
                         requiresQuestionAndAnswer="false" 
                         defaultMemberTypeAlias="Another Type" 
                         passwordFormat="Hashed" />
    
                    <add name="UsersMembershipProvider" 
                         type="umbraco.providers.UsersMembershipProvider" 
                         enablePasswordRetrieval="false" 
                         enablePasswordReset="false" 
                         requiresQuestionAndAnswer="false" 
                         passwordFormat="Hashed" />
    
                    <add name="AlabamaCustomMembershipProvider"
                         type="System.Web.Security.SqlMembershipProvider"
                         connectionStringName="AlabamaConnString"
                         enablePasswordRetrieval="false"
                         enablePasswordReset="false"
                         requiresQuestionAndAnswer="false"
                         passwordFormat="Hashed"
                         maxInvalidPasswordAttempts="3"
                         passwordAttemptWindow="5"/>
                </providers>
            </membership>

    You say about changing the UmbracoSettings.config, which I have open now, but I cannot see any attribute that would be required for this to work?

    I have logged in and created a member, but now when I click on their ID in the members list I get "No user with name 'dg-2102' exists". Is this part of the problem of a setting missing from the UmbracoSettings.config?

    Thanks again.

  • Daniel Bardi 927 posts 2562 karma points
    Mar 30, 2011 @ 11:50
    Daniel Bardi
    0

    Search in the umbracoSettings.config for DefaultBackofficeProvider

    The reason you don't see the user is because of this setting not be set to your provider.

    Let me know if all works out.

  • Darryl Godden 145 posts 197 karma points
    Mar 30, 2011 @ 12:05
    Darryl Godden
    0

    Hi Daniel,

    I found that property, but when I updated it to reflect the new provider I could not log-in using my Umbraco admin password!

    Thanks.

  • Daniel Bardi 927 posts 2562 karma points
    Mar 30, 2011 @ 12:25
    Daniel Bardi
    0

    Darryl.. my bad.. I go the UserProvider and MemberProvider mixed up... Change the setting back in the umbracoSettings.config.

    Add the roleprovider in the web.config, like below:

        <roleManager enabled="true" defaultProvider="AlabamaCustomRoleProvider">
          <providers>
            <clear />
            <add name="UmbracoRoleProvider" type="umbraco.providers.members.UmbracoRoleProvider" />
            <add name="AlabamaCustomRoleProvider"
                 type="System.Web.Security.SqlRoleProvider"
                 connectionString="AlabamaConnString"/>
          </providers>
        </roleManager>
  • Darryl Godden 145 posts 197 karma points
    Mar 30, 2011 @ 14:19
    Darryl Godden
    0

    Hi Daniel,

    After making these changes, do I need to run through set-up again? as once I do this I cannot login using the admin password.

    Cheers.

  • Daniel Bardi 927 posts 2562 karma points
    Mar 30, 2011 @ 23:16
    Daniel Bardi
    1

    You will be able to login the backoffice. just change the DefaultBackofficeProvider back to UsersMembershipProvider

  • Darryl Godden 145 posts 197 karma points
    Mar 31, 2011 @ 14:59
    Darryl Godden
    0

    Hi Daniel,

    Thanks for your help with this.

    With your help I have solved it. I installed the ASP.NET membership (aspnet_regsql) into the same database that my Umbraco installation is running from. I changed the default provider for Umbraco to a new one pointing at the the new membership installation.

    I changed the roleManager to:

    <siteMap defaultProvider="UmbracoSiteMapProvider" enabled="true">
                <providers>
                    <clear />
                    <add name="UmbracoSiteMapProvider" type="umbraco.presentation.nodeFactory.UmbracoSiteMapProvider" 
                         defaultDescriptionAlias="description" securityTrimmingEnabled="true" />
                </providers>
            </siteMap>

    I changed the defaultBackOfficeProvider back to the Umbraco setting:

    <providers>
            <users>
                <!-- if you wish to use your own membershipprovider for authenticating to the umbraco back office -->
                <!-- specify it here (remember to add it to the web.config as well) -->
            <DefaultBackofficeProvider>UsersMembershipProvider</DefaultBackofficeProvider>
            <!--<DefaultBackofficeProvider>AlabamaCustomMembershipProvider</DefaultBackofficeProvider>-->
            </users>
        </providers>

    I then deleted the version number from the web.config file (umbracoConfigurationStatus) and ran through the installation prcedure again (/default/install.aspx).

    This is now working with the maxInvalidPasswordAttempts and a lockout. If anyone is interested I also have created a custom section with various membership functions (unlock user etc...) for the application.

    Thanks again, much deserved karma coming your way.

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Mar 31, 2011 @ 16:03
    Michael Latouche
    2

    Hi Darryl,

    For your information, I think it was possible to do this using the default UmbracoMembershipProvider, by adding some extra properties to your MemberType and linking them to the umbraco membership provider settings in the web.config file.

    See this wiki post for more information: our.umbraco.org/.../umbracomembershipprovider-properties

    In your case, I think you just need to add a property "umbracoLockPropertyTypeAlias" to your MemberType.

    I used this to solve a similar problem, and if it works for you, it is much more easy than writing extra code and changing providers in your web.config. Plus, in this case, the Umbraco member management section keeps working like a charm and the extra properties appear on your member details (you can lock-unlock users from there) :-)

    Cheers,

    Michael.

  • Daniel Bardi 927 posts 2562 karma points
    Mar 31, 2011 @ 19:58
    Daniel Bardi
    0

    @Michael: Great answer as well... and sticks with umbraco standards..

    @Darryl: Michaels answer is awesome.. I was under the impression you wanted to use a seperate provider, but it now appears you only wanted to expose some additional properties.. I recommend Michaels solution.

  • Darryl Godden 145 posts 197 karma points
    Apr 05, 2011 @ 14:43
    Darryl Godden
    0

    It does look awesome. The site is now working as per the provider I had previously installed. I will definately look at Michael's solution in the future.

  • Manish 1 post 21 karma points
    Jun 14, 2012 @ 11:19
    Manish
    0

    Is this possible to do the same for backoffice , lockign the user if they attempt 3 wrong passwords

Please Sign in or register to post replies

Write your reply to:

Draft