2
Vote

maxInvalidPasswordAttempts with YafMembershipProvider not working

description

Hello,

We are using YAF 1.9.5.5. We are trying to configure maxInvalidPasswordAttempts in the web.config with YafMembershipProvider. But it doesn´t work as we expected.

You can try to enter a bad password as many times as you want and the account doesn´t get locked. We also have tried AspNetSqlMembershipProvider and have changed some parameters to fix the problem but nohting changed. I don´t know whether we are doing something wrong or whether it is a product issue.

This is an extract from our web.config:

<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
        <providers>
            <clear/>
            <add name="YafMembershipProvider" applicationName="YetAnotherForum" connectionStringName="yafnet"   minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="true" maxInvalidPasswordAttempts="3" passwordAttemptWindow="2" requiresQuestionAndAnswer="false" useSalt="true" type="YAF.Providers.Membership.YafMembershipProvider" />
        </providers>
    </membership>
Somewhere I read that requiresQuestionAndAnswer had to be set to false in order to work maxInvalidPasswordAttempts. We have tried setting it to true and false with no difference.

Thank you for any help you can provide with this issue.

comments

tha_watcha wrote Aug 11, 2013 at 8:32 AM

Sorry but that feature to lock a user after maxInvalidPasswordAttempts has reached is currently not implemented in yaf

drolano wrote Aug 26, 2013 at 9:31 AM

Thank you very much.