Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Dan Evett 2 posts 72 karma points
    May 22, 2018 @ 15:41
    Dan Evett
    0

    Checking a users login credentials are correct even if the account is locked

    Hi

    Im currently trying to extend my projects login functionality by providing a locked out message to the user but only if the credentials they added are in fact valid so as to not weaken our security by potentially exposing valid usernames.

    From what i can see all the user checks just return a bool with a value of false if the password is incorrect or the user is locked out which doesn't help me as i cant distinguish between the two.

    My only thought at the moment is to enable password retrieval in the web.config and then comparing the hashed password of the member with the password they have entered into the login screen hashed.

    Is that my only option or is there anything else more baked into umbraco i can use?

Please Sign in or register to post replies

Write your reply to:

Draft