If we want our Umbraco website to block users when there is a brute-force attack against an ID, we can do this:
- Add 2 properties to your member type: locked [true, false] and failedLogins [Numeric].
- Add the following properties to your UmbracoMembershipProvider key inside web.config (notice the values are the same as the aliases of the properties we just created):
  - umbracoLockPropertyTypeAlias="locked"
  - umbracoFailedPasswordAttemptsPropertyTypeAlias="failedLogins"
  - maxInvalidPasswordAttempts="3"
  - passwordAttemptWindow="30"
Your web.config should look something like this:
<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="MyMemberType" passwordFormat="Hashed" umbracoLockPropertyTypeAlias="locked" umbracoFailedPasswordAttemptsPropertyTypeAlias="failedLogins" maxInvalidPasswordAttempts="3" passwordAttemptWindow="30" />
The rest is handled by Umbraco. You also have a couple of properties to set how many failed attempts are allowed before a block and how long the user is blocked. You can use the property defaultMemberTypeAlias to set your member type alias if you run into any problems.
To unlock a member you need to access the admin panel > members > member: uncheck the checkbox “Blocked” and set “Failed logins” to 0.
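An added example (not from the original post or from Umbraco): a small Python check that a web.config has the four lockout attributes above set and that the two alias attributes match the property aliases on the member type. The function name, the sample configs and the alias set passed in are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ALIAS_ATTRS = ("umbracoLockPropertyTypeAlias",
               "umbracoFailedPasswordAttemptsPropertyTypeAlias")
NUMERIC_ATTRS = ("maxInvalidPasswordAttempts", "passwordAttemptWindow")

# Constructed samples: GOOD mirrors the entry shown in the post; WEAK has a
# mistyped lock alias, no failed-attempts alias and a zero attempt limit.
GOOD = """<configuration><system.web><membership><providers>
  <add name="UmbracoMembershipProvider" passwordFormat="Hashed"
       umbracoLockPropertyTypeAlias="locked"
       umbracoFailedPasswordAttemptsPropertyTypeAlias="failedLogins"
       maxInvalidPasswordAttempts="3" passwordAttemptWindow="30" />
</providers></membership></system.web></configuration>"""
WEAK = """<configuration><system.web><membership><providers>
  <add name="UmbracoMembershipProvider" passwordFormat="Hashed"
       umbracoLockPropertyTypeAlias="isLocked"
       maxInvalidPasswordAttempts="0" passwordAttemptWindow="30" />
</providers></membership></system.web></configuration>"""


def audit_lockout(config_xml, member_property_aliases,
                  provider_name="UmbracoMembershipProvider"):
    """Return a list of findings; an empty list means lockout is wired up."""
    root = ET.fromstring(config_xml)
    entry = next((e for e in root.iter("add")
                  if e.get("name") == provider_name), None)
    if entry is None:
        return [f"no <add> entry named {provider_name}"]
    findings = []
    for attr in ALIAS_ATTRS:
        alias = entry.get(attr, "").strip()
        if not alias:
            findings.append(f"{attr} is missing")
        elif alias not in member_property_aliases:
            # The post notes the value must equal the property alias.
            findings.append(f"{attr}={alias!r} is not a member type property")
    for attr in NUMERIC_ATTRS:
        value = entry.get(attr, "").strip()
        if not value.isdecimal() or int(value) < 1:
            findings.append(f"{attr} is missing or not a positive integer")
    return findings


if __name__ == "__main__":
    aliases = {"locked", "failedLogins"}  # aliases created on the member type
    for label, xml in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_lockout(xml, aliases) or "OK")
```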
Thanks for a marvelous posting! I certainly enjoyed reading it, you’re a great author. I will be sure to bookmark your blog and may come back from now on. I want to encourage you to continue your great writing, have a nice morning!
Hi
Can we have the same functionality for Umbraco back office users?
I really don’t know, I’ve not been involved in any other Umbraco project in two years so I can’t help much with it.