I am new to web matrix and web security concept. I used the IsAccountLockedOut(String, Int32, Int32) method to check whether the specified membership account is temporarily locked because of too many failed password attempts in the specified number of seconds. Here the thing is after unlocking (updating unlock date time in Db) the membership account I am locked out again after one bad password, but my database is configured to allow 3 attempts. can you please tell me how to resolve the problem or give unlock code sample.
I don't know if it could be useful for you, but the WebMatrix Starter Site template implements in the Account/Login.cshtml page an account lock system that uses the WebSecurity.GetPasswordFailuresSinceLastSuccess() method:
if (WebSecurity.UserExists(email) &&
WebSecurity.GetPasswordFailuresSinceLastSuccess(email) > 4 &&
WebSecurity.GetLastPasswordFailureDate(email).AddSeconds(60) > DateTime.UtcNow)
{
Response.Redirect("~/Account/AccountLockedOut");
return;
}
Edited
This snippet takes into consideration the LastPasswordFailureDate and PasswordFailuresSinceLastSuccess fields of the webpages_Membership table and locks an account if the number of failures exceed a given value (4 in the example) for a given number of seconds (60 in the example).
There is no need to manage an "UnlockDateTime" in another table.
Related
I am currently using the G Suite Admin SDK API to retrieve user data. I want to check how long it takes for the user properties/fields to update.
After some checks I have realized that the User resources provided by the APIs Users:get and Users:list are not updated at the same time (I have checked this and I can tell that there is at least an offset of several minutes).
Is this the expected behaviour?
In order to reproduce this issue you can do as follows:
Choose a Google user of your own.
Log into the user account (log out first if you are already logged in)
Check the API results for Users:get and Users:list. Specifically look for the lastLoginTime parameter value.
The expected lastLoginTime value should be:
"2020-05-22T10:09:04.000Z"
However, this is what I get:
For Users:list:
"lastLoginTime": "2020-05-21T09:25:33.000Z",
For Users:get:
"lastLoginTime": "2020-05-22T10:09:04.000Z",
Thanks.
We are using Kaltura to notify our CMS about changes in the videos. In the KMC under Settings->Integrations Settings we have checked all the checkboxes under "Sent by Server".
Some times these checkmarks disappear? IT happens maybe once a week or once a month. How can we find the reason to these boxes being deactivated?
Those notifications are being stored on the partner object in partner table. The actual data is stored in the custom_data field, which holds large amount of PHP-serialized data.
I can suspect cases that due to updates of other fields in the custom_data object, the notifications section will be erased.
Your best shot would be first check the value of that field when the config got erased. If it was actually erased in the database, try to find the following log messages in api_v3.log (which can lead you to the actual API request that modified the field):
[2124167851][propel] */ UPDATE partner SET
`UPDATED_AT`='2017-10-04 14:11:36',
`NOTIFY`='1',
`CUSTOM_DATA`='a:79:{s:9:"firstName";s:5:"Roman";s:12:"isFirstLogin";b:0;
... tons of PHP serialized data ...
i:1;s:19:"notificationsConfig";s:42:"*=0;1=1;2=1;3=1;4=0;21=0;6=0;7=0;26=0;5=0;";
... tons of PHP serialized data ...
}' WHERE partner.ID='101' AND MD5(cast(partner.CUSTOM_DATA as char character set latin1)) = '7eb7781cc04c7f98077efc2e3c1e9426'
The key that stores the notifications config is notificationsConfig (Each number represents the notification type, then 0 / 1 for off / no).
As a side note, which CE version are you using? There might be a more reliable way to integrate with your CMS.
I have a webservice that stores an authenticated users token in the HttpRuntime.Cache to be used on all subsequent requests. The cached item has a sliding expiration on it of 24 hours.
Secondly I have a vb.net app that is pinging this webservice every 15 seconds. It gets authenticated once, then uses the cached token for all subsequent requests. My problem is that the application appears to lose authentication at random intervals of time less than the 24 hr sliding expiration. However with it getting pinged every 15 sec the authentication should never expire.
I am looking for a way to view the HttpRuntime.cache to try and determine if the problem is in the webservice security methods or within the vb.net app. Can I view the HttpRuntime.cache somehow?
The webservice is part of a web forms site that was built with asp.net 2.0 on a Windows Server 2008.
The name of my key's were unknown as they were system generated guid values with a username as the value. So in order to view a cache collection that was unknown I used a simple loop as follows.
Dim CacheEnum As IDictionaryEnumerator = Cache.GetEnumerator()
While CacheEnum.MoveNext()
Dim cacheItem As String = Server.HtmlEncode(CacheEnum.Entry.Key.ToString())
Dim cacheItem2 As String = Server.HtmlEncode(CacheEnum.Entry.Value.ToString())
Response.Write(cacheItem & ":" & cacheItem2 & "<br />")
End While
Hope this helps others.
First off, HttpRuntime.Cache would not be the best place to store user authentication information. You should instead use HttpContext.Current.Session to store such data. Technically the cache is allowed to "pop" things in it at its own will (whenever it decides to).
If you actually need to use the cache, you can check if your item is in the cache by simply doing:
HttpRuntime.Cache["Key"] == null
How to completely disable the lock users in SAP? What setting controls this (login / failed_user_auto_unlock)?
As far as I can see, that's not possible. You can try to set login/fails_to_user_lock to 99 and login/failed_user_auto_unlock to 1, but this will only mean that users will be licked after 99 failed attempts and unlocked again at midnight.
See http://help.sap.com/saphelp_470/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm for a list of the parameters related to users and security.
I have a logon script mapping user drives Windows Network. Some users are now logging into a terminal server these days and I'd like to map a different drive, based on computer name they are logging in to.
I am looking at which user AD group they are in (departmental group so I know which shares to map).
If IsAMemberOf(objNetwork.UserDomain, objNetwork.UserName, "Sales Dept. Users - Acton") Then MapIt "G:", "\\phillip\sales"
I need to now evaluate what the computer name is as well.
The basic logic is: If user is in Sales group from this computer bur-ts-01, then map this share \\bur-fil-01\sales; else, if user is in Sales group use \\phillip\sales.
It's a fairly comprehensive script mapping drives, printers, etc. Our VBScript person is long gone however and remote users are not able to access a local share to the TS server as a result.
Can anyone offer any suggestions or sample code that I could review?
You could add a check for the computer name to see if it includes "-ts-" and if so, then map accordingly. A lot of different ways to write it, but here's my take.
bDomainGroupMember = IsAMemberOf(objNetwork.UserDomain, objNetwork.UserName, "Sales Dept. Users - Acton")
If bDomainGroupMember AND Not instr(objNetwork.ComputerName, "-ts-") > 0 Then
MapIt "G:", "\\phillip\sales"
ElseIf bDomainGroupMember AND instr(objNetwork.ComputerName, "-ts-") > 0 Then
MapIt "G:", "\\bur-fil-01\sales"
End If
So basically, I pulled the function query out and assigned the value to bDomanGroupMember so you can use it in two checks without calling the function twice. Then, the If / ElseIf checks to see if the user is both a member of the sales domain group and whether or not the user logged in from a terminal server session, ie. a machine with "-ts-" in the name.
Hope that helps :)