User Locked Out Event

Question

0.00/5 (No votes)

See more:

I want to send an email whenever the user is locked out. I am using ASP.NET Membership framework. Is there any way to determine or handle any event when a user Locked Out

Posted 23-Oct-13 23:46pm

Abdullah Al-Muzahid

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Prasad Khandekar · Answer 1 · 2013-10-24T00:39:00

Hello Abdhullah,

Please have a look at this MSDN documentation[^] which shows a custom implementation of WebAuthenticationFailureAuditEvent class. The MemberShip provider fires an
AuditMembershipAuthenticationFailure Web event when user login fails. The NameToAuthenticate property returns the name of the user being authenticated. You can use it to fetch the user's record to read user's email and then send out and e-mail. Please remember that the AuditMembershipAuthenticationFailure event is raised when any one of the following condition is true and hence you will also have to check whether the user is locked out or not.

Either the user name or password does not match
User is not active
User is locked out

Please note that the said event is raised every time there is a login failure. You can use IsLockedOut bit field of aspnet_Membership table to determine whether the user in question is locked out or not. This check itself won't be sufficient if you want to send the email only once. You need an additional check,

MSDN Membership Provider Doc#Account Locking:
How does an account become locked in the first place? Suppose the user types an incorrect password into the login page. After ascertaining that the password is invalid, CheckPassword calls the stored procedure aspnet_Membership_UpdateUserInfo to update the corresponding record in the aspnet_Membership table. It passes in a bit flag indicating an invalid password was submitted. Seeing the flag, the stored procedure increments the failed password attempt count. If the count exceeds the maximum specified by MaxInvalidPasswordAttempts, and if all the password failures occurred within the time window specified by PasswordAttemptWindow, the stored procedure sets IsLockedOut to 1, effectively locking the account until further notice. Thus, locking is handled primarily at the database level, and it is largely opaque to the provider itself.

The above doc suggests that you can check the difference between the MaxInvalidPasswordAttempts and FailedPasswordAttemptCount and if it's equal to 1 then it's the first time user is getting locked out.

Regards,

Vinodh.B · Answer 2 · 2013-10-24T00:39:00

Solution 1

Hi

Thi link may help you

http://www.asp.net/web-forms/tutorials/security/admin/unlocking-and-approving-user-accounts-cs[^]

Solution 2

You may write a window service which checks up the users at a regular interval and send mail to the locked user

Posted 24-Oct-13 0:39am

Vinodh.B

Updated 24-Oct-13 1:58am

v2

Comments

Abdullah Al-Muzahid 24-Oct-13 7:03am

Thanks for your reply. But, I am not looking for this.