Security :: User Account Was Locked With NO Recorded Failed Password Attempts?
Feb 22, 2011
A user phoned me and said he received an error when attempting to log in stating that his account had been locked. I had to unlock the user account today manually through the user interface. Several hours later I had to do it again. Afterwards, when I looked at the aspnet_Membership table it showed NO failed login attempts. LastLockout date for that particular user was set to min date. FailedPasswordAttemptCount was zero. FailedPasswordAttemptWindowStart was min date. I then proceeded to fail logging in with the user's account name.
I have a website developed using asp.net/C#. I would like to lock a user account on 5 consecutive login failures within a time period of 30 minutes. I do not want to do this on the database side. And I know this cannot be done by session variables. I also do not want to use cookies for this, as a user can easily disable cookies.
We're running an ASP.Net application on a server running Win2k Advanced Server. Every time the server is rebooted the ASPNET account gets locked; even after unlocking the account, after a few mins the account goes back into locked mode.
What is the best way when using the ASP login to display to the user that they are locked out? I want the user to know that their account has been locked and action needs to be taken.
I have been facing this problem in my asp.net application for the last three weeks. Previously it was working fine. I have never changed the password of the account which is used for impersonation in the asp.net application (in web.config). This account got locked; why, I don't know. Is it possible to run the application with the impersonation account while this account is locked? This account is a domain account. Currently the application gives a run-time error that the account has been locked.
Here at my work I have four guys managing the AD server (2003), and one of these guys locked a workstation account. I would like to know if there is a way to find out who did this.
I have an asp.net application that connects to a database. I've set up the connection string with the correct server name and username/password. This used to work perfectly. Suddenly, for some reason, when I navigate to the site I get a "Login failed for user admin. Account locked." I checked the server and the account is not locked, but just to be sure I reset the password and changed my conn string accordingly. This makes no difference and I still get the account locked error message.
I am facing a problem here. How can I make the create user wizard put all new users in the normal user role? I have created 2 roles, which are Manager and Normal User. Normal User can't view the Manager page. But after I create a new user account, I can view the manager and normal user pages. I want all new member registrations to be in the normal user role.
Is it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
I have used the membership provider to implement my system. The system administrator can list the users. What I want is that the administrator should be able to sign in as the selected user. I can sign out the administrator with FormsAuthentication.SignOut, but how can I sign in as the selected user? Passwords are hashed so I cannot retrieve the passwords.
I need to create individual accounts for a big group of people (around 200) from an Excel spreadsheet. What is the best practice? It will take too much time to create the accounts using a web form. I think there must be a way to do it. I tried to use the stored procedures created by ASP.NET.
If I'm correct, the membership functionality separates account and user (profile) data into two tables. Why not one table? What's the design principle behind this?
I have a custom ASP.NET application which is hosted in the SharePoint _layouts directory. The code uses the object model to do certain actions on a SharePoint list. I'm receiving the following error when trying to perform
[code]...
When I give my user account administrator rights on the server it works fine, so it's a permission problem, but can't figure out what it is?
The only way to make themes work is to allow user "Everyone" to access the folder App_Themes. I am wondering if a more specific user instead of "Everyone" can be granted the access to allow themes to work. Accounts "IIS_IUSRS" and "NETWORK SERVICE" have already been granted access. This is about folder access on Windows 7 running IIS7, not web page authorization configured via web.config. The web page is browsed via local host (i.e. the web page address is something like "[URL]
I have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have the ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership, etc. tables. But sometimes it happens that I need to register clients in my local application on the PC and ideally would like that registration to create an online account for the client as well. Then I want to be able to send him a user id and password by email and let him know that he has been registered in my database and an online account is ready for him as well.
Basically I want to have full synchronization between the asp.net membership service and the local application through the SQL db. As I said, both online and local apps are sharing the same SQL database. What would be the best practice to implement it?
Could anyone provide guidance about the common technique of sending an email to the new user -> new user clicks the link in the email -> and then the account becomes activated and ready for use?
Currently using the CreateUserWizard control in .NET v4 and a Membership db in SQL Server 2008. If I need to do this via custom code and not the CreateUserWizard that's fine. Would be nice to see expert thoughts on this common, enterprise quality, new account validation technique.
The link below outlines a technique for sending a confirmation email but does not include activation: [URL]
I wrote an asp.net application that I'm trying to run on a godaddy domain I bought. I need to read a file in a folder that I did not give read access to, so that your average user cannot see the information in that folder. I assumed that the asp.net program would have the same credentials as myself because it is server-side code. Turns out I am wrong. When I go to use the asp.net application it throws an access denied error saying that the ASP.NET user account has to be given permissions to access the folder.
After talking to two different tech support people at godaddy I've come to the realization that they are either dumb or lazy (or a combo of the two). I came across some code that you can put into the web.config file that would allow the asp.net application to impersonate a user, which would work great to use myself as the impersonated user. However it seems that godaddy cannot give me the name of the server that my domain is on (that's understandable) so I don't know what to put in the identity tag to get this to work.
Here is the code I found:
[Code]....
(of course I filled in the username and password with the correct info)
When I went to use it again it threw this error:
System.Web.HttpException: The current identity (PHX3\username) does not have write access to 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'.
Do I just need to make a field for account type in my user account table? In a technical way, if(account type = admin) then the account would log as admin; otherwise, a user with less privileges.
Part of this tutorial entails setting up a GridView which is bound to the collection of UserAccounts, and then enabling paging on the GridView. There are the usual four links for First, Prev, Next, and Last pages, which should work because I have twelve users defined, and the pagesize of my GridView set to 5. I've set up the code to enable or disable the paging links depending on what section of the entire UserGrid is currently visible.
So when I first run the website and go to the ManageUsers.aspx page, I would expect to see only the first five users in my collection. But it shows all twelve.
I must have overlooked something, but I can't find it in the text and examples.
I have a problem with user authentication on my site. I set <authentication mode="Windows"> in my web.config. The LoginView shows "mycomputer\myusername" if I request the page. So far so good. Now I want to log in with a different username. Users are stored in Active Directory. My questions: which setting do I have to make so that the user's account and password are checked by Active Directory? How can I force the system to make a new login? Logout doesn't work; I always see my own account.