brockallen / BrockAllen.MembershipReboot

MembershipReboot is a user identity management and authentication library.

Force manual unlocking of account after too many incorrect passwords #640

Closed JohnMcAvinue closed 8 years ago

JohnMcAvinue commented 8 years ago

Hi,

In our application, once an account has been locked due to too many incorrect password attempts, an administrator must unlock the user's account for them before they can log in.

I can see the implementation of the lock-out window for a specified duration, but is there any way to leave it locked until the FailedLoginCount on the account has been reset?

Also, thanks for such a great framework!

brockallen commented 8 years ago

You could possibly handle the locked out event and then toggle the other flag (is login allowed, IIRC?) which is more explicit/manual.

JohnMcAvinue commented 8 years ago

That could work alright. Thanks for the quick reply!

JohnMcAvinue commented 8 years ago

The problem with this code is that the IsLoginAllowed property is protected internal, so I can't access that value from the event:

```csharp
using BrockAllen.MembershipReboot;

public class LockAccountWhenTooManyFailedLoginAttempts
    : IEventHandler<TooManyRecentPasswordFailuresEvent<CustomUser>>
{
    public void Handle(TooManyRecentPasswordFailuresEvent<CustomUser> evt)
    {
        // Does not compile: the setter is protected internal on UserAccount.
        evt.Account.IsLoginAllowed = false;
    }
}
```

brockallen commented 8 years ago

Aren't there extension methods or other help APIs to get at it? I don't remember, to be honest, and would have to look at the code.

JohnMcAvinue commented 8 years ago

Yeah, you're right, there's a method on UserAccountService which does this. Thanks!
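The approach the thread settles on, as an added example rather than code from the issue or from MembershipReboot itself: the lockout event handler clears the login flag through the service API instead of the protected setter. It assumes UserAccountService<TAccount> exposes SetIsLoginAllowed(Guid, bool), that CustomUser derives from UserAccount, and that the service is handed to the handler lazily via a Func<> because the handler is registered while the configuration is still being built.

```csharp
using System;
using BrockAllen.MembershipReboot;

// Assumed application account type derived from the library's UserAccount.
public class CustomUser : UserAccount { }

// Disables login via the service because UserAccount.IsLoginAllowed has a
// protected internal setter. SetIsLoginAllowed(Guid, bool) is assumed to exist
// on UserAccountService<TAccount>; the Func<> defers resolving the service
// until the event actually fires.
public class RequireAdminUnlockOnLockout
    : IEventHandler<TooManyRecentPasswordFailuresEvent<CustomUser>>
{
    private readonly Func<UserAccountService<CustomUser>> _service;

    public RequireAdminUnlockOnLockout(Func<UserAccountService<CustomUser>> service)
    {
        _service = service;
    }

    public void Handle(TooManyRecentPasswordFailuresEvent<CustomUser> evt)
    {
        // The time-based lockout would expire on its own; clearing this flag
        // keeps the account blocked until an administrator re-enables it.
        _service().SetIsLoginAllowed(evt.Account.ID, false);
    }
}

public static class LockoutWiring
{
    // Five failures trigger the event; the duration then no longer matters
    // because the handler above converts the lockout into a manual one.
    public static MembershipRebootConfiguration<CustomUser> Configure(
        Func<UserAccountService<CustomUser>> service)
    {
        var config = new MembershipRebootConfiguration<CustomUser>
        {
            AccountLockoutFailedLoginAttempts = 5,
            AccountLockoutDuration = TimeSpan.FromMinutes(5),
        };
        config.AddEventHandler(new RequireAdminUnlockOnLockout(service));
        return config;
    }

    // Administrator-side unlock: the explicit action the thread wants to require.
    public static void AdminUnlock(UserAccountService<CustomUser> service, Guid accountId)
    {
        service.SetIsLoginAllowed(accountId, true);
    }
}
```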