Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0Add Support for passwordAttemptThreshold Add Support for passwordAttemptThreshold
Previous
 
Next
New Post
3/9/2006 10:10 AM
 
Joe Terhune

Joined: 5/9/2005
Posts: 7
It appears that not all the Configuration attributes listed for DNNSQLMembershipProvider are supported.  I have a need to change the passwordAttemptThreshold and when I added the attribute I got an Attribute not recognized error.  Any plans to add this support?
 
New Post
4/11/2006 3:13 PM
 
Sherman Woo

Joined: 6/4/2003
Posts: 2

Hello, I am looking into this myself. If you look at the source code for the DNNSQLMembershipProvider class, it's not really doing too much. In other words, it looks like it's inheriting from System.Web.Security.SqlMembershipProvider, and only overriding the ApplicationName property. A look into the SqlMembershipProvider class and you'll see there is no such property called "PasswordAttemptThreshold", but there is one called "MaxInvalidPasswordAttempts".

If you add the "maxInvalidPasswordAttempts" attribute (notice the case) to web.config, it sort of works. I am getting inconsisten results. Sometimes, the application runs fine, and indeed the account does get locked out after the specified number of attempts (verified in database). Sometimes, the DNN site either completely or partially crashes (object reference errors).

Also, note that even the default "signin.ascx" component does not seem to do anything with the "UserLockedOut" message; nothing appears on the screen

So, I'm still trying to figure out how it all works so I can replicate it in my custom logon component.

Hope this information helps though.
 
New Post
4/11/2006 4:28 PM
 
Sherman Woo

Joined: 6/4/2003
Posts: 2

Update:

It looks like that attribute "maxInvalidPasswordAttempts" does work after all. The object reference errors I was getting was probably related to the environment (I was also unable to debug). A reboot fixed that.

Once I was able to set the value, I tested to make sure it was working, checking the database for confirmation. You need to look at the "aspnet_Membership" table and use the following TSQL (for simplicity, really):

SELECT     Email, IsLockedOut, LastLockoutDate, FailedPasswordAttemptCount, FailedPasswordAttemptWindowStart
FROM         aspnet_Membership

As I mentioned above, I wrote a custom login component, thus far mimicing the functionality of the signin.ascx user control (converted to C#). I found two bugs in the original signin.ascx.vb file:

Line 212 displays the error message; however it never gets hit for the UserLockedOut error. Move one of the "End If" statements (e.g., Line 214) above the check for _userID > 0.

Doing the above also results in another error at Line 172, where _userID is delcared. Move this line outside of the "If" statement before Line 166 (where objUserInfo is declared), and it seems to work.

Warning: this may have some system-wide implications that I have not yet tested, but at least the built-in password attempts lockout mechanism seems to work now.
 
New Post
4/11/2006 4:47 PM
 

Joined: 1/1/0001
Posts: 0
Puckboy wrote

Also, note that even the default "signin.ascx" component does not seem to do anything with the "UserLockedOut" message; nothing appears on the screen

it looks like the function is not calling the display method:

Private Sub cmdLogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles cmdLogin.Click

...

... at last 3 lines of function add the following line: ( i think i have the correct placement to display the failed attempts)

         UI.Skins.Skin.AddModuleMessage(Me, strMessage, UI.Skins.Controls.ModuleMessage.ModuleMessageType.RedError)

      End If

   End If

End Sub

HTH

 
 
 Page 1 of 1
Previous
 
Next
HomeHomeArchived Discus...Archived Discus...Developing Under Previous Versions of .NETDeveloping Under Previous Versions of .NETASP.Net 2.0ASP.Net 2.0Add Support for passwordAttemptThreshold Add Support for passwordAttemptThreshold


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out