Re: Lock a User/MembershipProvider/Login control
- From: Brock Allen <ballen@xxxxxxxxxxxxxxxxx>
- Date: Thu, 18 May 2006 19:06:31 +0000 (UTC)
Well, there is a DisableCreatedUser property on the CreateUserWizard -- don't know if this helps.
-Brock
http://staff.develop.com/ballen
Thanks Brock,
so there is no direct support of this feature in the Login control.
I dont know why I always have to walk through those gray areas when
implementing standard requirements ;-)
ulrich
"Brock Allen" wrote:
This is a gray area in provider design. The intent of IsLockedOut is
to prevent an attacker from guessing passwords. To that end, it's up
to the provider internally to determine when this is happening and to
lock the user out. So their semantics and use for IsLockedOut is very
specific, thus they intended for each specific membership provider to
"figure it out". Since there is no LockUser API it seems that they
didn't intend for it to be used as a general "suspension" mechanism
for users.
-Brock
http://staff.develop.com/ballen
Hi experts,
i wrote a custom MembershipProvider and when i come to implement the
method
"UnlockUser" i wonder that there is no method "LockUser".
The member "IsLockedOut" of a MembershipUser is readony.
So, how do I lock a user?
I extend my custom provider class with a Method "LockUser". Is that
the right way?
Second question:
Does the Login control locks a User automatically, if the members
"MaxInvalidPasswordAttempts" and "PasswordAttemptWindow" are set or
do i have to code this manually in the eventhandlers of this
control?
Thanks in advance,
ulrich
.
- Prev by Date: Confusion about Password Recovery
- Next by Date: Re: Confusion about Password Recovery
- Previous by thread: Re: Lock a User/MembershipProvider/Login control
- Next by thread: Confusion about Password Recovery
- Index(es):
Relevant Pages
|
