Help get this topic noticed by sharing it on Twitter, Facebook, or email.

How do you overide login and failed password attempt counts

The only article I found on this was over 8 years old (link below) and I couldn't find anything in the online user guide. I am using Touch UI, unlimited and custom membership and role providers. Can someone advise on the following questions:
(1) what is the current process to use a different value for login and failed password attempts e.g. changing them from 5 to 10
(2) Other documentation I found mentions changing user locked out from yes to no which is straight forward but their failed password attempt is still "5". It doesn't seem to reset back to 0, do you have to do this manually or does it start to increase to the next value of 10?
(3) should you reset the counter from 5 back to 0?
(4) If it remains at 5 how does the user get locked out for future failed password attempt or attempts?

http://community.codeontime.com/codeo...

Regards
Steve
1 person has
this question
+1
Reply
  • Hi, Steve.

    You may override UserLogin function from ApplicationServices class to perform your custom logic.
    Source: https://codeontime.com/learn/security/handling-login-and-logout

    You may also refer Link to setup your own membership configuration.

    Regards
    Justin
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited

  • Hi Justin
    Thanks, I probably worded that incorrectly, I don't actually want to override the login functionality, I just want to replace the standard count for failed password attempts from 5 to 10. The link in my original post seems to do this by updating the web config file but its very old.
    Steve
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited

  • Hi, to customize your web.config to allow 10 login attempts using maxInvalidPasswordAttempts="10" try this:

    Find the membership providers section in your existing app/web.config and copy what is within it, you will then need to paste it into your custom configuration. This configuration section is under Settings --> Globalization and Localization --> click Next --> find box below the port number to enter your web.config customization. Add maxInvalidPasswordAttempts="10" at the end of your copied providers section from web.config (the clear and add name lines from within providers section)

    example of customization:
    (I had to remove the html brackets in order to display here, so include those when you enter them into the configuration box)

    AppendChild: /configuration/system.web/membership/providers

    clear
    add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
    connectionStringName="Your connection string name"
    applicationName="Your application name"
    maxInvalidPasswordAttempts="10"

    The resetting of aspnet membership failedpasswordattemptcount and islockedout values will happen when you use membership manager to unlock your user, but you can optionally update those fields with a SQL action button that runs: (assuming you have the username):

    update aspnet_membership set islockedout=0,failedpasswordattemptcount=0 where userid in (select userid from aspnet_users where username='user name')

    Hope this helps you out!
    Jo

  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited

  • Apparently this works also (under Settings --> Client & Server)

    SetAttribute: /configuration/system.web/membership/providers/add
    maxInvalidPasswordAttempts: 10
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited