
  • Roger Withnell 128 posts 613 karma points
    Apr 11, 2017 @ 09:50
    Roger Withnell
    0

    umbracoMemberLockedOut

    I'd like to know the default settings for turning umbracoMemberLockedOut on. I assume it's x attempts to log in as a member within y seconds. What are the values of x and y?

    I understand that I can change the default value of x by setting maxInvalidPasswordAttempts in UmbracoMembershipProvider in the web.config file. Is it possible to change the default of y also?

    Your help would be much appreciated.

    Thanking you in anticipation.

    Roger

  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Apr 12, 2017 @ 07:44
    Jeffrey Schoemaker
    0

    Hi Roger,

    As far as I know there is no y-value. You can find the MembershipProviderBase that is used over here: https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Core/Security/MembershipProviderBase.cs and you can see that there is a value for passwordAttemptWindow and by default the value is 10.

    You can override it in the web.config with the setting passwordAttemptWindow, but I'm really not sure if it's used at all.

    But you can check it out, and please let me know if you find out if it's working :),

    Jeffrey

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Apr 12, 2017 @ 07:59
    Michael Latouche
    0

    Hello,

    I have already used that field and set its value to 6, and I confirm it works as expected :-)

    Also, as Jeffrey mentions, I am 99% sure there is no "y" value available in the default membership. Once you are locked out, you have to be unlocked by an admin through the Umbraco backoffice.

    Cheers,

    Michael.

  • Roger Withnell 128 posts 613 karma points
    Apr 12, 2017 @ 15:52
    Roger Withnell
    0

    Thanks for your replies, Jeffrey and Michael.

    I understand that there may not be a "y" value but, to be locked out, must mean 10 invalid attempts (the default) within a certain period of time.

    What is that period of time?

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Apr 13, 2017 @ 07:16
    Michael Latouche
    100

    Hello Roger,

    Unfortunately, I think that you are locked out "indefinitely", which means until an administrator "manually" unlocks your account via the Umbraco backoffice.

    If you want to have a temporary lock out, to my knowledge, I think you will need to make a custom implementation...

    Cheers,

    Michael.

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Apr 13, 2017 @ 07:19
    Michael Latouche
    0

    Hello again Roger,

    I think I have good news for you: it seems there is already a package that exists for that: https://our.umbraco.org/projects/website-utilities/lockout-membership-provider

    From what I read, I think it does exactly what you need :-)

    Hope this helps.

    Cheers,

    Michael.

  • Roger Withnell 128 posts 613 karma points
    Apr 13, 2017 @ 08:58
    Roger Withnell
    0

    Thanks, Michael, I'll look at this package.

    Roger.
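
The temporary lockout that the thread says would need a custom implementation can be sketched as follows. This is an added example, not code from the thread, from Umbraco, or from the linked package. `TemporaryLockoutPolicy` and its members are hypothetical names, and it assumes the calling login code checks `IsLockedOut` before validating the password.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not an Umbraco or ASP.NET type). Counts failed logins per
// member inside an attempt window and lifts the lock automatically after a fixed
// duration. State is in memory, so it is per process and lost on app restart.
public sealed class TemporaryLockoutPolicy
{
    private sealed class State { public int Failures; public DateTime WindowStart; public DateTime? LockedUntil; }

    private readonly Dictionary<string, State> _members =
        new Dictionary<string, State>(StringComparer.OrdinalIgnoreCase);
    private readonly int _maxInvalidPasswordAttempts;   // the "x" from the question
    private readonly TimeSpan _passwordAttemptWindow;   // the "y" from the question
    private readonly TimeSpan _lockoutDuration;         // how long a lock lasts

    public TemporaryLockoutPolicy(int maxInvalidPasswordAttempts, TimeSpan passwordAttemptWindow, TimeSpan lockoutDuration)
    {
        if (maxInvalidPasswordAttempts < 1) throw new ArgumentOutOfRangeException(nameof(maxInvalidPasswordAttempts));
        _maxInvalidPasswordAttempts = maxInvalidPasswordAttempts;
        _passwordAttemptWindow = passwordAttemptWindow;
        _lockoutDuration = lockoutDuration;
    }

    // Call before validating the password; reject a locked member without checking it.
    public bool IsLockedOut(string username, DateTime utcNow)
    {
        lock (_members)
        {
            State s;
            if (!_members.TryGetValue(username, out s) || s.LockedUntil == null) return false;
            if (utcNow < s.LockedUntil.Value) return true;
            _members.Remove(username);   // lock has expired: start from a clean slate
            return false;
        }
    }

    // Call after a failed password check; returns true when this failure triggers the lock.
    public bool RegisterFailure(string username, DateTime utcNow)
    {
        lock (_members)
        {
            State s;
            if (!_members.TryGetValue(username, out s)) _members[username] = s = new State { WindowStart = utcNow };
            // Failures older than the window no longer count; the window restarts here.
            if (utcNow - s.WindowStart > _passwordAttemptWindow) { s.Failures = 0; s.WindowStart = utcNow; }
            if (++s.Failures < _maxInvalidPasswordAttempts) return false;
            s.LockedUntil = utcNow + _lockoutDuration;
            return true;
        }
    }

    // Call after a successful login so earlier failures stop counting.
    public void RegisterSuccess(string username) { lock (_members) { _members.Remove(username); } }
}
```

Passing the current time in as `utcNow` keeps the window and expiry logic testable without waiting for real time to pass.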
