Base solution for your next web application
Open Closed

"Enable user account locking on failed login attempts" setting is not working #9377

User avatar
0
mahendra created

We have single tenant app in which security setting "Enable user account locking on failed login attempts" is enabled for max 5 attempts. On login page, user is only getting error message "Login Failed". In case, if user is exceeding this limit as well and he is still active and never marked locked.

Please let us know how to configure this in case if we are missing any setting or may be this is a bug.

Go to accepted answer
7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi

    • What is your product version?
    • What is your product type (Angular or MVC)?
    • What is product framework type (.net framework or .net core)?
    • Steps needed to reproduce the problem.
  • User Avatar
    0
    mahendra created

    What is your product version? 8.2.0 What is your product type (Angular or MVC)? Angular What is product framework type (.net framework or .net core)? .net core

    Steps needed to reproduce the problem.

    1. On Login screen, enter Email:"Admin" and password="123qwe" and press Login button.
    2. Goto Administration-->Settings-->Security tab.
    3. On "Security" tab "Enable user account locking on failed login attempts" checkbox is enabled, "Maximum number of failed login attempt count before locking the account" value is 3 and "Account locking duration (as seconds)" is 300.
    4. Logout
    5. Try to enter any user email and incorrect password who is already active multiple times.
    6. On each attempts (4th and onwards also), getting same error message "Login failed! Invalid username or password" while on 4th attemps, user should have to get the warning related to "user lockout".
    7. Now try to login same user with same email and correct password, user is suessfully login while at this step user should not get login and get warning message.
  • User Avatar
    0
    mahendra created

    Hi Support, Any update? Regards, Mahendra

  • User Avatar
    0
    maliming created
    Support Team

    hi mahendra

    I will check it as soon as possible.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mahendra

    Could you also share your ABP NuGet package version ?

  • User Avatar
    0
    mahendra created

    V 5.2.0

    Regards, Mahendra

  • User Avatar
    0
    maliming created
    Support Team

    hi mahendra

    I downloaded the demo project of 8.2 but did not reproduce your problem.(angular + net core)

    I created the test user and enabled the lockout function in the system and user.

    Can you confirm whether the user has enabled lockout?

Assignee
No one
Labels
Non yet