Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Bo Damgaard Mortensen 719 posts 1207 karma points
    Apr 06, 2016 @ 06:58
    Bo Damgaard Mortensen
    0

    Preventing member lock out

    Hi all,

    I'm running an Umbraco v. 7.4.1 site which uses the member section for secured pages. By default, the members have five attempts of a successful login, else they're being locked out. I expect this is the default ASP.NET behavior.

    Is there a way to prevent this lock out somehow? I've tried to set the following attribute on the membership provider in the config file: maxInvalidPasswordAttempts="999", but members are still being locked out after five attempts.

    Any help/hint is greatly appreciated :-)

    Thanks in advance.

    Bo

    Copy Link
  • Nathalie Festin 4 posts 94 karma points c-trib
    Apr 06, 2016 @ 07:23
    Nathalie Festin
    102

    I have a Umbraco 7.4.1 and added maxInvalidPasswordAttempts="999" to the provider and it works just fine. I didn't try to login 999 times thou. Do you have custom provider or is everything pretty much default?

    My working config here below: 

    <!-- Membership Provider -->
    <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
        <providers>
            <clear />
            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" maxInvalidPasswordAttempts="999" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
            <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
        </providers>
    </membership>
    Copy Link
  • Bo Damgaard Mortensen 719 posts 1207 karma points
    Apr 06, 2016 @ 08:04
    Bo Damgaard Mortensen
    0

    Hi Nathalie,

    Thanks a lot for your reply.

    It's strange, I tested it yesterday where it locked my member after 5 invalid attempts. Today it works as it should :-D

    So, you're right: the maxInvalidPasswordAttempts attribute does indeed to it's job.

    Thanks again.

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies