473,832 Members | 2,346 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Asp.net Membership Lock Out

I am using the standard asp.net membership provider. I have users who
forget their password. They attempt to login 5 times and they get
locked out. The membership configuration in web.config follows.

<add connectionStrin gName="SomeDB" enablePasswordR etrieval="false "
enablePasswordR eset="true" requiresQuestio nAndAnswer="fal se"
applicationName ="SomeApp" requiresUniqueE mail="true"
passwordFormat= "Hashed" maxInvalidPassw ordAttempts="5"
passwordAttempt Window="10" passwordStrengt hRegularExpress ion=""
minRequiredPass wordLength="6" minRequiredNona lphanumericChar acters="0"
name="AspNetSql MembershipProvi der"
type="System.We b.Security.SqlM embershipProvid er"/>

Once the user is locked out, the reset password doesn't work. I have
to unlock the user before it will send a new password. Is this the
correct operation of this feature? Do I have to manually unlock these
users before they can retrieve a new password?

Thanks.

Rob
Jan 3 '08 #1
2 20651
On 3 Jan, 18:30, rmgala...@galaw are.com wrote:
I am using the standard asp.net membership provider. I have users who
forget their password. They attempt to login 5 times and they get
locked out. The membership configuration in web.config follows.

<add connectionStrin gName="SomeDB" enablePasswordR etrieval="false "
enablePasswordR eset="true" requiresQuestio nAndAnswer="fal se"
applicationName ="SomeApp" requiresUniqueE mail="true"
passwordFormat= "Hashed" maxInvalidPassw ordAttempts="5"
passwordAttempt Window="10" passwordStrengt hRegularExpress ion=""
minRequiredPass wordLength="6" minRequiredNona lphanumericChar acters="0"
name="AspNetSql MembershipProvi der"
type="System.We b.Security.SqlM embershipProvid er"/>

Once the user is locked out, the reset password doesn't work. I have
to unlock the user before it will send a new password. Is this the
correct operation of this feature? Do I have to manually unlock these
users before they can retrieve a new password?

Thanks.

Rob
Hi

The help files for the Membership class say this:

"If the number of invalid passwords or password answers entered for a
membership user is greater than or equal to the value of the
MaxInvalidPassw ordAttempts property within the number of minutes
specified by the PasswordAttempt Window property, then the user is
locked out of the Web site by setting the IsLockedOut property to true
until the user is unlocked by a call to the UnlockUser method.

If a valid password or password answer is supplied before the value of
the MaxInvalidPassw ordAttempts property is reached, the counter that
tracks the number of invalid attempts is set to zero."

My interpretation of this is that a lock-out status cannot be undone
with a belated request for help by the user.

If I'm right then the only way round it is to create a custom process
for password retrieval that will execute the UnLockuser method once
the user has been verified as genuine (perhaps by e-mail).
Jan 3 '08 #2
On Jan 3, 5:33*pm, Phil H <goo...@philpha ll.me.ukwrote:
On 3 Jan, 18:30, rmgala...@galaw are.com wrote:


I am using the standard asp.net membership provider. I have users who
forget their password. They attempt to login 5 times and they get
locked out. The membership configuration in web.config follows.
<add connectionStrin gName="SomeDB" enablePasswordR etrieval="false "
enablePasswordR eset="true" requiresQuestio nAndAnswer="fal se"
applicationName ="SomeApp" requiresUniqueE mail="true"
passwordFormat= "Hashed" maxInvalidPassw ordAttempts="5"
passwordAttempt Window="10" passwordStrengt hRegularExpress ion=""
minRequiredPass wordLength="6" minRequiredNona lphanumericChar acters="0"
name="AspNetSql MembershipProvi der"
type="System.We b.Security.SqlM embershipProvid er"/>
Once the user is locked out, the reset password doesn't work. I have
to unlock the user before it will send a new password. Is this the
correct operation of this feature? Do I have to manually unlock these
users before they can retrieve a new password?
Thanks.
Rob

Hi

The help files for the Membership class say this:

"If the number of invalid passwords or password answers entered for a
membership user is greater than or equal to the value of the
MaxInvalidPassw ordAttempts property within the number of minutes
specified by the PasswordAttempt Window property, then the user is
locked out of the Web site by setting the IsLockedOut property to true
until the user is unlocked by a call to the UnlockUser method.

If a valid password or password answer is supplied before the value of
the MaxInvalidPassw ordAttempts property is reached, the counter that
tracks the number of invalid attempts is set to zero."

My interpretation of this is that a lock-out status cannot be undone
with a belated request for help by the user.

If I'm right then the only way round it is to create a custom process
for password retrieval that will execute the UnLockuser method once
the user has been verified as genuine (perhaps by e-mail).- Hide quoted text -

- Show quoted text -
My solution is to unlock the user in the PasswordRecover y event,
VerifyingUser.
Jan 8 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1312
lock in
by: Joel & Jing | last post by:
Hello - There's a revolutionary money making phenomenon that is spreading across the Internet like WILDFIRE! One SINGLE and straight POWERLINE with a profit sharing concept. The only one and the best ever there is in the net. Introducing A Brand-New 100% Internet-Based Business With A Revolutionary New AUTOMATED "No-Rejection" Downline Building System That Will Give You Spillover Within The Hour You Join!
MySQL Database
12
10037
Possible to lock a row within a stored procedure in SQL Server 2000?
by: M Wells | last post by:
Hi All, I have a table that holds pregenerated member IDs. This table is used to assign an available member id to web site visitors who choose to register with the site So, conceptually the process has been, from the site (in ASP), to: - select the top record from the members table where the assigned flag
Microsoft SQL Server
2
1933
Data Lock on Form
by: Andy | last post by:
newbie question here--- In Table1 I have basic membership information. Table 2 is 'event' information. I have a form for Table2 with a combo box, where the user will pick a member from Table1, and then fill in the rest of the data. My question is this - I fear the combo box will be used incorrectly - that is, they will use it to 'find' a record. Click on the drop down box and make a selection. However doing that of course does not find a...
Microsoft Access / VBA
3
2449
Membership Provider
by: Morgan | last post by:
Sorry for cross post, forgot to include aspnet in orinal... Thanks in advance for any assistance. I'm in the process of implementing custom RoleProvider & Membership Provider objects and have run into a snag with the Membership Provider. It seems many of the MembershipUser properties are read-only. This seems, well stupid, IMO.
ASP.NET
9
2177
Disabling ASP.net 2.0 Membership
by: Paul Keegstra | last post by:
Hi, I am currently working on an asp.net 2.0 web site that is a replacement of a classic asp web site. The current web site uses a Commerce Server 2002 database for storing user information. It does not currently use any of the Commerce Server 2002 functionality with the exception of the user authentication features. I have written my replacement application to use a custom login form and custom connection string so that I can use...
ASP.NET
3
1926
update more than only the email with asp.net membership
by: ibiza | last post by:
Hi all, I am currently developing in asp.net 2.0 and I was at first impressed with the numerous login and user controls they provided to ease the task of managing users. But I am starting to think it's an hassle for certain tasks...here's my problem : I have created some users and successfully log them with the supplied
.NET Framework
2
1555
Lock application for use by one user at a time
by: UnglueD | last post by:
Hello. I recently wrote an application that reads from a database and calls a webservice to output an xml file to an FTP directory. I published this application so that a couple of people in my department could use it. However, I now run into the problem where 2 or more people might use the application at a time. What I need to know is how to lock down the application so that it can only be used by one person at a time.
ASP.NET
1
1484
OOP help (in regards to ASP.NET Membership)
by: mazdotnet | last post by:
Hi all, I just found out that ASP.NET membership does not have a method to lock accounts (only Unlock user) See http://forums.asp.net/p/825946/825946.aspx Question was 'I understand that the MembershipUser.UnlockUser method will unlock an account (set the aspnet_Membership IsLockedOut back to 0 so on), but I see no way to Set LockUser. Is there nothing built in
.NET Framework
2
1877
Membership - adding methods (programming help)
by: mazdotnet | last post by:
Hi all, I just found out that ASP.NET membership does not have a method to lock accounts (only Unlock user) See http://forums.asp.net/p/825946/825946.aspx Question was 'I understand that the MembershipUser.UnlockUser method will unlock an account (set the aspnet_Membership IsLockedOut back to 0 so on), but I see no way to Set LockUser. Is there nothing built in to Membership to do this? '
ASP.NET
0
9794
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9642
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10212
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
7753
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6951
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5623
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5788
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
3968
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
3077
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us