Try our conversational search powered by Generative AI!

AI OnAI Off

Unlock locked account in CMS using AspNet Identity

mark.hitchcock
mark.hitchcock
Vote:
 

Hi All,

CMS 11.12.0

I've configured my site to use EPiServer AspNetIdentity as the authentication module. I've also configured user lockout settings in ApplicationBuilderExtensions as per https://world.episerver.com/documentation/developer-guides/CMS/security/episerver-aspnetidentity/

i.e.

manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(365 * 200);
manager.MaxFailedAccessAttemptsBeforeLockout = 5;

I've noticed in the CMS UI when editing a user that the "Account locked (too many failed logon attempts)" is greyed out.  I assume this is a result of the change in authentication OR is there some extra config required to hook this up? i.e. If an account does get locked out I would like to use the existing UI to unlock.

Cheers
Mark

#206432
Aug 21, 2019 9:26
Naveed Ul-Haq
Naveed Ul-Haq
Vote:
 

I think this is because change in authentication. You are not using default authentication provider. 

#206445
Aug 21, 2019 12:58
mark.hitchcock
mark.hitchcock
Vote:
 

yes, thats what I think also, so just wondering if there is config to make it work or something I need to implement?  If not I can just create a plugin that will allow CMS users to update as I can see the values "LockoutEnabled", "LockoutEndDateUtc" and "AccessFailedCount" in "AspNetUsers" getting set correctly.

#206464
Aug 22, 2019 1:14
Binh Nguyen
Binh Nguyen
Vote:
 

Hi,

I saw this post when I have got same problem with you and I write some tips for this here https://world.episerver.com/blogs/binh-nguyen/dates/2020/4/lock-and-unlock-account-using-aspnet-identity/ after investigating.

Hope this still help you

#221731
Apr 24, 2020 3:09
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.