Closed JohnMcAvinue closed 8 years ago
You could possibly handle the locked out event and then toggle the other flag (is login allowed, IIRC?) which is more explicit/manual.
That could work alright. Thanks for the quick reply!
The problem with this code is that the IsLoginAllowed property is protected internal so I can't access that value from the event:
public class LockAccountWhenTooManyFailedLoginAttempts : IEventHandler<TooManyRecentPasswordFailuresEvent<CustomUser>> { public void Handle(TooManyRecentPasswordFailuresEvent<CustomUser> evt) { evt.Account.IsLoginAllowed = false; } }
Aren't there extension methods or other help APIs to get at it? I don't remember, to be honest, and would have to look at the code.
Yeah you're right there's a method on UserAccountService which does this. Thanks!
Hi,
In our application, once an account has been locked due to too many incorrect password attempts, an administrator must unlock the users account for them before they can login.
I can see the implementation of the lock out window for a specified duration, but it there any way to leave it locked until it the FailedLoginCount on account has been reset?
Also, thanks for such a great framework!