Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tom Van Rompaey 38 posts 136 karma points
    Jul 24, 2014 @ 18:36
    Tom Van Rompaey
    0

    Locked out admin user

    Hi,

    We entered the wrong password a few times and now we seem to locked ourself out from our own backoffice account.....

    Is there any way to reset this so we can log in at the backoffice again? 

    We're using Umbraco 7.1.4 by the way

    2014-07-24 17:29:05,213 [27] INFO  Umbraco.Web.Security.Providers.UmbracoMembershipProvider`2[[Umbraco.Core.Services.IMembershipUserService, Umbraco.Core, Version=1.0.5261.28127, Culture=neutral, PublicKeyToken=null],[Umbraco.Core.Models.Membership.IUser, Umbraco.Core, Version=1.0.5261.28127, Culture=neutral, PublicKeyToken=null]] - [Thread 54] Member XXXXX is now locked out, max invalid password attempts exceeded
  • Dennis Aaen 4440 posts 17904 karma points admin hq c-trib
    Jul 25, 2014 @ 12:53
    Dennis Aaen
    101

    Hi tranro,

    Yes if you entered your credentials wrong 5 times, you will be looked out. You can set maxInvalidPasswordAttempts to a different value for the UsersMembershipProvider in your web.config file. For example maxInvalidPasswordAttempts="15".

    It's to prevent hackers from trying millions of passwords trying to guess yours.

    But if you can´t remember your password or get a colleague to change you password for your user  and have access to the databse, then you could reset the password in the database for your user.

    BUT be careful you are dealing with the database !

    Try to see this post where Jan and I describe how I can be done.

    http://our.umbraco.org/forum/using/ui-questions/49134-Forget-My-Password-For-Umbraco-Admin-Site

    Hope you get it solved.

    /Dennis

  • Tom Van Rompaey 38 posts 136 karma points
    Jul 26, 2014 @ 09:25
    Tom Van Rompaey
    0

    Thank you Dennis! We solved it

  • Dan Diplo 1490 posts 5791 karma points MVP 4x c-trib
    Jul 29, 2014 @ 12:15
    Dan Diplo
    0

    How long is the lockout period? It's not infinite, is it?

    I hope not, because otherwise a malicious person realises your site is in Umbraco (which isn't too difficult) and then deliberately keeps entering the wrong password for the "admin" account. Isn't this going to lock that account out permanently? 

  • Nick Beaugié 28 posts 80 karma points
    May 16, 2017 @ 22:30
    Nick Beaugié
    1

    Just in case anyone has this problem with an upgrade to 7.6.1 (like I have) then check the before-and-after of the UmbracoMembershipProvider and UsersMembershipProfile settings.

    7.6 seems to enforce a stronger model. All fine and well for a brand new site, but it meant that I could not log in until I reverted the values.

    Previous values:

    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
    <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
    

    Newer values:

    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
    <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
    
  • Craig Mayers 164 posts 506 karma points
    May 16, 2017 @ 23:07
    Craig Mayers
    0

    FYI:

    There is also a cool little package by Richard Soeteman that would also do the job. Check it out!

    https://our.umbraco.org/projects/developer-tools/umbraco-admin-reset/

    Works a treat!

  • Dean Wiseman 21 posts 90 karma points
    Oct 29, 2019 @ 13:08
    Dean Wiseman
    0

    Seeing as nobody answered Dan Diplos quesiton I'll ask it again.

    How long is the lockout period?

Please Sign in or register to post replies

Write your reply to:

Draft