We have single tenant app in which security setting "Enable user account locking on failed login attempts" is enabled for max 5 attempts. On login page, user is only getting error message "Login Failed". In case, if user is exceeding this limit as well and he is still active and never marked locked.
Please let us know how to configure this in case if we are missing any setting or may be this is a bug.
7 Answer(s)
-
0
hi
- What is your product version?
- What is your product type (Angular or MVC)?
- What is product framework type (.net framework or .net core)?
- Steps needed to reproduce the problem.
-
0
What is your product version? 8.2.0 What is your product type (Angular or MVC)? Angular What is product framework type (.net framework or .net core)? .net core
Steps needed to reproduce the problem.
- On Login screen, enter Email:"Admin" and password="123qwe" and press Login button.
- Goto Administration-->Settings-->Security tab.
- On "Security" tab "Enable user account locking on failed login attempts" checkbox is enabled, "Maximum number of failed login attempt count before locking the account" value is 3 and "Account locking duration (as seconds)" is 300.
- Logout
- Try to enter any user email and incorrect password who is already active multiple times.
- On each attempts (4th and onwards also), getting same error message "Login failed! Invalid username or password" while on 4th attemps, user should have to get the warning related to "user lockout".
- Now try to login same user with same email and correct password, user is suessfully login while at this step user should not get login and get warning message.
-
0
Hi Support, Any update? Regards, Mahendra
-
0
hi mahendra
I will check it as soon as possible.
-
0
Hi @mahendra
Could you also share your ABP NuGet package version ?
-
0
-
0