I'd like to know the default settings for turning umbracoMemberLockedOut on. I assume its x attempts to log in as a member within y seconds. What are the values of x and y?
I understand that I can change the default value of x by setting maxInvalidPasswordAttempts in UmbracoMembershipProvider in the webconfig file. Is it possible to change the default of y also?
I have already used that field and set its value to 6, and I confirm it works as expected :-)
Also, as Jeffrey mentions, I am 99% sure there is no "y" value available in the default membership. Once you are locked out, you have to be unlocked by an admin through the Umbraco backoffice.
Unfortunately, I think that you are locked out "indefinitely", which means until an administrator "manually" unlocks your account via the Umbraco backoffice.
If you want to have a temporary lock out, to my knowledge, I think you will need to make a custom implementation...
umbracoMemberLockedOut
I'd like to know the default settings for turning umbracoMemberLockedOut on. I assume its x attempts to log in as a member within y seconds. What are the values of x and y?
I understand that I can change the default value of x by setting maxInvalidPasswordAttempts in UmbracoMembershipProvider in the webconfig file. Is it possible to change the default of y also?
Your help would be much appreciated.
Thanking you in anticipation.
Roger
Hi Roger,
as far as I know there is no y-value. You can find the MembershipProviderBase that is used over here: https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Core/Security/MembershipProviderBase.cs and you can see that there is a value for passwordAttemptWindow and by default the value is 10.
You can override it in the web.config with the setting passwordAttemptWindow, but I'm really not sure if it's used at all.
But you can check it out, and please let me now if you find out if it's working :),
Jeffrey
Hello,
I have already used that field and set its value to 6, and I confirm it works as expected :-)
Also, as Jeffrey mentions, I am 99% sure there is no "y" value available in the default membership. Once you are locked out, you have to be unlocked by an admin through the Umbraco backoffice.
Cheers,
Michael.
Thanks for your replies, Jeffrey and Michael.
I understand that there may not be a "y" value but, to be locked out, must mean 10 invalid attempts (the default) within a certain period of time.
What is that period of time?
Hello Roger,
Unfortunately, I think that you are locked out "indefinitely", which means until an administrator "manually" unlocks your account via the Umbraco backoffice.
If you want to have a temporary lock out, to my knowledge, I think you will need to make a custom implementation...
Cheers,
Michael.
Hello again Roger,
I think I have good news for you: it seems there is already a package that exists for that: https://our.umbraco.org/projects/website-utilities/lockout-membership-provider
From what I read, I think it does exactly what you need :-)
Hope this helps.
Cheers,
Michael.
Thanks, Michael, I'll look at this package.
Roger.
is working on a reply...