Forums

how to limit the user login attempts Cancel The title field is required!

1. eva.braun

   

   39 posts
   Registered:
   12 Feb 2015
   04 Apr 2018

   Link to this post

   Hi Team,
   
   we´d like to limit the user login attempts.
   
   If a user could not make a successful login within 3 attempts then the text box for username and password should automatically be disabled. A new login is only allowed after some time.
   
   Can you post a code snipped that can be added to the login.cshtml or something similar to get this working?
   
   Thanks a bunch in advace,
   Eva

2. Sonam Joshi

   

   29 posts
   Registered:
   20 Mar 2017
   Answered

   29 Aug 2018

   Link to this post

   This can be achieved through settings in the Sitefinity backend. Follow the steps below;
   
   Maximum Invalid Password Attempts:
   Navigate to Sitefinity backend > click on Administration tab > click settings > Advance > Security > Membership Providers > Default >Parameters > maxInvalidPasswordAttempts 
   
   Here you can define the value for number of invalid attempts.
   
   To set the Password Attempt Window:
   Under Security > Membership Providers > Default > Parameters > passwordAttemptWindow > set the value for reactivation time for login. The lock out time (passwordAttemptWindow) for the account is set to 10 minutes by default.
   
   To disable the login widget would after max invalid attempt can be done through custom JavaScript.
   
   Thanks

   Last modified on 29 Aug 2018 18:08 by Sonam Joshi