How to disable lockout functionality for Admins
Posted: Mon Jun 13, 2011 11:51 pm
by hubsun
Hi,
How to disable the account lockout for Admins?
Is it possible to have the following options for Admin accounts instead of lockout?
Solution 1: Disable the account lock out, let the CAPTCHA do the work.
Solution 2: After every 5 failed login attempts, the user needs to fill in a CAPTCHA.
Thanks in advance,
Regards,
Sunil
Re: How to disable lockout functionality for Admins
Posted: Tue Jun 14, 2011 1:54 am
by s_ismail
Hi Sunil,
Have you checked Admin-->Configure-->Security-->Password Policy?
Re: How to disable lockout functionality for Admins
Posted: Tue Jun 14, 2011 2:19 am
by hubsun
Yes, I checked the configuration.
But my requirement is to disable the password lockout for Admin users only. Is it possible?
Thanks,
Sunil
Re: How to disable lockout functionality for Admins
Posted: Tue Jun 14, 2011 2:32 am
by s_ismail
Yes, it is possible, but I think you have to handle this through code customization.
Re: How to disable lockout functionality for Admins
Posted: Tue Jun 14, 2011 2:34 am
by hubsun
Hi,
Can you give me some pointers on what to customize and where?
Thanks,
Sunil
Re: How to disable lockout functionality for Admins
Posted: Tue Jun 14, 2011 2:39 am
by s_ismail
Go to Conlib/LoginDialog.ascx.cs
and locate this code
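/// <summary>
/// Handles the login button: looks up the account by user name, applies the admin
/// CAPTCHA gate, attempts the login and reports the outcome through the page validators.
/// </summary>
/// <param name="sender">Control that raised the click event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void LoginButton_Click(object sender, EventArgs e)
{
    _LastPasswordValue = Password.Text;
    User loginUser = UserDataSource.LoadForUserName(UserName.Text);
    if (loginUser == null)
    {
        //THIS IS AN INVALID USER NAME
        //NOTE(review): only the generic invalid-login validator fires here, while the
        //failure paths further down show disabled / locked / tries-remaining messages,
        //so the response differs depending on whether the account exists.
        InvalidLogin.IsValid = false;
        return;
    }

    //AN ADMIN WHO HAS NOT BEEN SHOWN THE CAPTCHA YET MUST SEE IT FIRST
    //WHEN THE MERCHANT POLICY ENABLES THE IMAGE CAPTCHA
    bool stillNeedsCaptcha = false;
    if (loginUser.IsAdmin && !trCaptchaField.Visible)
    {
        stillNeedsCaptcha = (new MerchantPasswordPolicy()).ImageCaptcha;
    }

    if (stillNeedsCaptcha)
    {
        //THIS IS AN ADMIN USER AND CAPTCHA IS NOT DISPLAYED YET:
        //REVEAL IT AND STOP, THE PASSWORD IS NOT CHECKED ON THIS POSTBACK
        trCaptchaField.Visible = true;
        trCaptchaImage.Visible = true;
        trRememberMe.Visible = _EnableAdminRememberMe;
        //NOTE(review): the randomness source behind StringHelper.RandomNumber is not
        //visible here - confirm the challenge is not predictable.
        CaptchaImage.ChallengeText = StringHelper.RandomNumber(6);
        CustomValidator needsCaptcha = new CustomValidator();
        needsCaptcha.ValidationGroup = "Login";
        needsCaptcha.Text = "*";
        needsCaptcha.ErrorMessage = "Please type the verification number to log in.";
        needsCaptcha.IsValid = false;
        phCaptchaValidators.Controls.Add(needsCaptcha);
        //NOTE(review): this writes the typed password back into the rendered value
        //attribute so the admin does not have to retype it; the password is therefore
        //present in clear text in the response markup. Consider requiring re-entry instead.
        Password.Attributes.Add("value", Password.Text);
        return;
    }

    //EITHER THIS IS NOT AN ADMIN USER, OR THE CAPTCHA IS ALREADY VISIBLE
    if (trCaptchaField.Visible && !CaptchaImage.Authenticate(CaptchaInput.Text))
    {
        //CAPTCHA IS VISIBLE AND DID NOT AUTHENTICATE
        CustomValidator invalidInput = new CustomValidator();
        invalidInput.ValidationGroup = "Login";
        invalidInput.Text = "*";
        invalidInput.ErrorMessage = "You did not input the verification number correctly.";
        invalidInput.IsValid = false;
        phCaptchaValidators.Controls.Add(invalidInput);
        //CLEAR BOTH INPUTS AND ISSUE A NEW CHALLENGE
        CaptchaInput.Text = "";
        Password.Attributes.Add("value", string.Empty);
        RefreshCaptcha();
        return;
    }

    //CAPTCHA IS HIDDEN OR VALIDATED, PROCEED WITH LOGIN ATTEMPT
    if (User.Login(UserName.Text, Password.Text))
    {
        //LOGIN SUCCEEDED, MIGRATE USER IF NEEDED
        int newUserId = loginUser.UserId;
        int oldUserId = Token.Instance.UserId;
        if ((oldUserId != newUserId) && (newUserId != 0))
        {
            User.Migrate(Token.Instance.User, UserDataSource.Load(newUserId));
            Token.Instance.UserId = newUserId;
        }

        //HANDLE LOGIN PROCESSING
        if (trRememberMe.Visible && RememberUserName.Checked)
        {
            //NOTE(review): the user name is kept in a cookie that effectively never
            //expires, and HttpOnly / Secure are not set here - confirm that site-wide
            //cookie settings cover this.
            HttpCookie cookie = new HttpCookie("UserName", UserName.Text);
            cookie.Expires = DateTime.MaxValue;
            Response.Cookies.Add(cookie);
        }
        else
        {
            //OVERWRITE ANY REMEMBERED USER NAME WITH AN EMPTY VALUE
            Response.Cookies.Add(new HttpCookie("UserName", ""));
        }

        //CHECK FOR EXPIRED PASSWORDS
        PasswordPolicy expiryPolicy;
        if (loginUser.IsAdmin)
        {
            expiryPolicy = new MerchantPasswordPolicy();
        }
        else
        {
            expiryPolicy = new CustomerPasswordPolicy();
        }

        if (expiryPolicy.IsPasswordExpired(loginUser))
        {
            ShowPasswordExpired(expiryPolicy, loginUser);
        }
        else
        {
            //REDIRECT TO THE STANDARD PAGE
            FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
        }
        return;
    }

    //LOGIN FAILED. loginUser is known to be non-null at this point, so the former
    //inner null check and its unreachable else branch have been removed.
    if (!loginUser.IsApproved)
    {
        AccountDisabled.IsValid = false;
        return;
    }

    //NOTE(review): MaxAttempts, FailedPasswordAttemptCount and IsLockedOut are only read
    //here to choose the message; this handler neither sets nor clears the lockout. Where
    //the lockout is enforced is not visible here (presumably inside User.Login) - confirm
    //before changing lockout behaviour for admins, and keep some limit on failed attempts,
    //because the CAPTCHA would otherwise be the only throttle on password guessing.
    PasswordPolicy lockoutPolicy;
    if (loginUser.IsAdmin)
    {
        lockoutPolicy = new MerchantPasswordPolicy();
    }
    else
    {
        lockoutPolicy = new CustomerPasswordPolicy();
    }

    //NOTE(review): loginUser was loaded before User.Login ran; whether the counter
    //already includes this failed attempt is not visible here.
    int remainingTries = lockoutPolicy.MaxAttempts - loginUser.FailedPasswordAttemptCount;
    if (!loginUser.IsLockedOut && remainingTries > 0)
    {
        //STILL ALLOWED TO RETRY: REPORT THE REMAINING TRIES AND ISSUE A NEW CHALLENGE
        InvalidLogin.ErrorMessage += " You have {0} tries remaining.";
        InvalidLogin.ErrorMessage = String.Format(InvalidLogin.ErrorMessage, remainingTries);
        InvalidLogin.IsValid = false;
        RefreshCaptcha();
    }
    else
    {
        //LOCKED OUT OR NO TRIES LEFT: REPORT THE LOCKOUT PERIOD
        AccountLocked.ErrorMessage = String.Format(AccountLocked.ErrorMessage, lockoutPolicy.LockoutPeriod);
        AccountLocked.IsValid = false;
    }
}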
Customize it according to your requirements.
Re: How to disable lockout functionality for Admins
Posted: Tue Jun 14, 2011 3:19 am
by hubsun
I got it. Thank you very much.