Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Bo Damgaard Mortensen 719 posts 1207 karma points
    Apr 06, 2016 @ 06:58
    Bo Damgaard Mortensen
    0

    Preventing member lock out

    Hi all,

    I'm running an Umbraco v. 7.4.1 site which uses the member section for secured pages. By default, the members have five attempts of a successful login, else they're being locked out. I expect this is the default ASP.NET behavior.

    Is there a way to prevent this lock out somehow? I've tried to set the following attribute on the membership provider in the config file: maxInvalidPasswordAttempts="999", but members are still being locked out after five attempts.

    Any help/hint is greatly appreciated :-)

    Thanks in advance.

    Bo

    Copy Link
  • Nathalie Festin 4 posts 94 karma points c-trib
    Apr 06, 2016 @ 07:23
    Nathalie Festin
    102

    I have a Umbraco 7.4.1 and added maxInvalidPasswordAttempts="999" to the provider and it works just fine. I didn't try to login 999 times thou. Do you have custom provider or is everything pretty much default?

    My working config here below: 

    <!-- Membership Provider -->
    <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
        <providers>
            <clear />
            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" maxInvalidPasswordAttempts="999" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
            <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
        </providers>
    </membership>
    Copy Link
  • Bo Damgaard Mortensen 719 posts 1207 karma points
    Apr 06, 2016 @ 08:04
    Bo Damgaard Mortensen
    0

    Hi Nathalie,

    Thanks a lot for your reply.

    It's strange, I tested it yesterday where it locked my member after 5 invalid attempts. Today it works as it should :-D

    So, you're right: the maxInvalidPasswordAttempts attribute does indeed to it's job.

    Thanks again.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft