A user can get themselves locked out if they try to access the website too many times with improper credentials. This results in the field IsLockedOut of the aspnet_Membership table having the value "True"
I am wondering what is a graceful / safe way to unlock that user. I could just open the live site database with SQLManagement Studio Express, find the users recored, and change the value from "True" to "False".
Is that a good (safe) approach? (I am always leery of messing with the live site database --)
CHO, Homepage Doctor
ASP.NET Database Tutorials
http://www.homepagedoctor.com
There is a stored proceedure that is installed when you add the membership tables to a sql server database. The stored proceeddure is
aspnet_Membership_UnlockUser
Take a look at what it updates in order to unlock a user. In my opinion you at the very least need to set the failed password attempt count back to zero.
ALTER PROCEDURE dbo.aspnet_Membership_UnlockUser
@ApplicationName nvarchar(256),
@UserName nvarchar(256)
AS
BEGIN
DECLARE @UserId uniqueidentifier
SELECT @UserId = NULL
SELECT @UserId = u.UserId
FROM dbo.aspnet_Users u, dbo.aspnet_Applications a, dbo.aspnet_Membership m
WHERE LoweredUserName = LOWER(@UserName) AND
u.ApplicationId = a.ApplicationId AND
LOWER(@ApplicationName) = a.LoweredApplicationName AND
u.UserId = m.UserId
IF ( @UserId IS NULL )
RETURN 1
UPDATE dbo.aspnet_Membership
SET IsLockedOut = 0,
FailedPasswordAttemptCount = 0,
FailedPasswordAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
FailedPasswordAnswerAttemptCount = 0,
FailedPasswordAnswerAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
LastLockoutDate = CONVERT( datetime, '17540101', 112 )
WHERE @UserId = UserId
RETURN 0
END
"He who would learn to fly one day must first learn to stand and walk and run and climb and dance; one cannot fly into flying."
I have an admin page where the username of the user who is locked out is available as TxtBxUserName.text. Would the things done by the code you showed be automatically done if I ran the following VB code when I clicked an Unlock button?
Dim User As MembershipUser Dim MyUserName As String MyUserName = TxtBxUserName.Text If Not TxtBxUserName.Text = "" Then User = Membership.GetUser(MyUserName) User.UnlockUser() End If
CHO, Homepage Doctor
ASP.NET Database Tutorials
http://www.homepagedoctor.com
Would the things done by the code you showed be automatically done if I ran the following VB code when I clicked an Unlock button?
Yes, the unlockuser method will do just that. But perhaps you should change your code like this:
Dim User As MembershipUser = Membership.GetUser(TxtUserName.Text)
If User Is Nothing Then
'Username doesn't exist
Else
User.UnlockUser()
End If
ClarkNK
I could just open the live site database with SQLManagement Studio Express, find the users recored, and change the value from "True" to "False".
Is that a good (safe) approach? (I am always leery of messing with the live site database --)
Not a good idea, because more fields need to be updated:
Your implementation of this method should set the
IsLockedOut property to false, set the
LastLockoutDate property to the current date, and reset any counters that you use to track the number of failed log in attempts and so forth.
ClarkNK
Member
433 Points
362 Posts
Safely unlock member who is locked out
Apr 26, 2012 03:20 PM|LINK
A user can get themselves locked out if they try to access the website too many times with improper credentials. This results in the field IsLockedOut of the aspnet_Membership table having the value "True"
I am wondering what is a graceful / safe way to unlock that user. I could just open the live site database with SQLManagement Studio Express, find the users recored, and change the value from "True" to "False".
Is that a good (safe) approach? (I am always leery of messing with the live site database --)
ASP.NET Database Tutorials
http://www.homepagedoctor.com
rickjames961
Participant
775 Points
174 Posts
Re: Safely unlock member who is locked out
Apr 26, 2012 03:34 PM|LINK
There is a stored proceedure that is installed when you add the membership tables to a sql server database. The stored proceeddure is
aspnet_Membership_UnlockUser
Take a look at what it updates in order to unlock a user. In my opinion you at the very least need to set the failed password attempt count back to zero.
ALTER PROCEDURE dbo.aspnet_Membership_UnlockUser @ApplicationName nvarchar(256), @UserName nvarchar(256) AS BEGIN DECLARE @UserId uniqueidentifier SELECT @UserId = NULL SELECT @UserId = u.UserId FROM dbo.aspnet_Users u, dbo.aspnet_Applications a, dbo.aspnet_Membership m WHERE LoweredUserName = LOWER(@UserName) AND u.ApplicationId = a.ApplicationId AND LOWER(@ApplicationName) = a.LoweredApplicationName AND u.UserId = m.UserId IF ( @UserId IS NULL ) RETURN 1 UPDATE dbo.aspnet_Membership SET IsLockedOut = 0, FailedPasswordAttemptCount = 0, FailedPasswordAttemptWindowStart = CONVERT( datetime, '17540101', 112 ), FailedPasswordAnswerAttemptCount = 0, FailedPasswordAnswerAttemptWindowStart = CONVERT( datetime, '17540101', 112 ), LastLockoutDate = CONVERT( datetime, '17540101', 112 ) WHERE @UserId = UserId RETURN 0 ENDFriedrich Nietzsche
ClarkNK
Member
433 Points
362 Posts
Re: Safely unlock member who is locked out
Apr 26, 2012 08:24 PM|LINK
Thank you for your reply.
I have an admin page where the username of the user who is locked out is available as TxtBxUserName.text. Would the things done by the code you showed be automatically done if I ran the following VB code when I clicked an Unlock button?
Dim User As MembershipUser
Dim MyUserName As String
MyUserName = TxtBxUserName.Text
If Not TxtBxUserName.Text = "" Then
User = Membership.GetUser(MyUserName)
User.UnlockUser()
End If
ASP.NET Database Tutorials
http://www.homepagedoctor.com
hans_v
All-Star
35986 Points
6550 Posts
Re: Safely unlock member who is locked out
Apr 26, 2012 09:46 PM|LINK
Yes, the unlockuser method will do just that. But perhaps you should change your code like this:
Not a good idea, because more fields need to be updated:
Your implementation of this method should set the IsLockedOut property to false, set the LastLockoutDate property to the current date, and reset any counters that you use to track the number of failed log in attempts and so forth.
http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.unlockuser.aspx
ClarkNK
Member
433 Points
362 Posts
Re: Safely unlock member who is locked out
Apr 26, 2012 10:43 PM|LINK
Great! I am now comfortable proceeding.
Thank you.
ASP.NET Database Tutorials
http://www.homepagedoctor.com