Im currently trying to extend my projects login functionality by providing a locked out message to the user but only if the credentials they added are in fact valid so as to not weaken our security by potentially exposing valid usernames.
From what i can see all the user checks just return a bool with a value of false if the password is incorrect or the user is locked out which doesn't help me as i cant distinguish between the two.
My only thought at the moment is to enable password retrieval in the web.config and then comparing the hashed password of the member with the password they have entered into the login screen hashed.
Is that my only option or is there anything else more baked into umbraco i can use?
Checking a users login credentials are correct even if the account is locked
Hi
Im currently trying to extend my projects login functionality by providing a locked out message to the user but only if the credentials they added are in fact valid so as to not weaken our security by potentially exposing valid usernames.
From what i can see all the user checks just return a bool with a value of false if the password is incorrect or the user is locked out which doesn't help me as i cant distinguish between the two.
My only thought at the moment is to enable password retrieval in the web.config and then comparing the hashed password of the member with the password they have entered into the login screen hashed.
Is that my only option or is there anything else more baked into umbraco i can use?
is working on a reply...