Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Brent 28 posts 239 karma points
    Aug 08, 2017 @ 21:03
    Brent
    0

    Password Requirements for Admin Login

    Dear Community,

    I am working on a client's website, and unfortunately I've never had the pleasure of working with Umbraco before. My only knowledge is in some CSS, HTML, and in Wordpress CMS.

    I'm trying to find a way to change password requirements on the admin login page. I am no C# programmer, but based off my review, it looks like you need that knowledge?

    Can someone please help me? Please?

  • Brent 28 posts 239 karma points
    Aug 10, 2017 @ 20:33
    Brent
    0

    Does anyone have any suggestions for this code?

    "Right click here to inspect element "

  • Nik 503 posts 1977 karma points
    Aug 10, 2017 @ 22:07
    Nik
    0

    Hi Brent,

    What exactly do you mean? Are you trying to change the requirements (as in complexity) for the back office users (i.e. users logging into Umbraco) or for the front end users (visitors to the website) ?

    If you are trying to change the password complexity requirements there are two settings that I'm aware of, one for the minimum number of required non-alphanumeric characters and one for the minimum length requirement.

    These are set in the Web config file against the membership providers (one exists for the back office and one exists for the front end users). Search the file for '

    Nik

  • Brent 28 posts 239 karma points
    Aug 10, 2017 @ 22:38
    Brent
    0

    Thanks for the reply nik. Umbraco 4 is what the client is using. This is the complexity of the passwords for the administrators. By default on a freshly installed umbraco 4 it would be websitename/umbraco. I remember looking into the config file also, just not sure exactly how to change it. Do you have any examples of code that I can see that show what others have done to change theirs? I cant paste the code from it tonight. But I will have access to it again tomorrow.

  • Nik 503 posts 1977 karma points
    Aug 10, 2017 @ 22:40
    Nik
    0

    Hi Brent,

    Unfortunately, I'm not able to help with Umbraco 4. I've had no experience with using it. The configuration setup for it may well be different from what I've explained above. Hopefully, someone else might be able to shed some light on to it for you.

    Nik

  • Brent 28 posts 239 karma points
    Aug 10, 2017 @ 22:54
    Brent
    0

    Maybe so, but at this point anything is helpful. Even like what you would type in the config file for 6. The password requirements are bound to be similiar.

    There seriously needs to be a tutorial on setting it. I have seen many posts about it, but there isnt enough for me to understand it...

    Sorry, just dont have any experience with this kind of code.

  • Phill 115 posts 284 karma points
    Aug 11, 2017 @ 04:09
    Phill
    0

    In v7 and I think v6 you would modify one of the two following lines in the web.config file, depending on if you want to change Member or Users where Users are backoffice admins/editors.

            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="6" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" maxInvalidPasswordAttempts="10" />
        <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="6" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed"/>
    

    Hope that helps a bit. Phill

  • Brent 28 posts 239 karma points
    Aug 11, 2017 @ 12:09
    Brent
    0

    This does help! Now the last thing I need help with is what code to actually write. Can i write passwordmin=4; passwordmax=9;? What will work?

  • Phill 115 posts 284 karma points
    Aug 11, 2017 @ 14:31
  • Brent 28 posts 239 karma points
    Aug 11, 2017 @ 16:48
    Brent
    0

    Ok I think I'm getting the hang of it here. I am just not sure why it's not working. When I try logging in and failing over 20 times it doesn't lock out. I can still login easy and quickly. Can you help? Here's what I have so far:

     <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" maxInvalidPasswordAttempts="3" passwordAnswerAttemptLockoutDuration="30" passwordAttemptWindow="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="1" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" maxInvalidPasswordAttempts="3" passwordAnswerAttemptLockoutDuration="30" passwordAttemptWindow="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="1" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
    

    Thanks again for all of your help so far. This has been very helpful.

  • Nik 503 posts 1977 karma points
    Aug 11, 2017 @ 16:54
    Nik
    0

    Hi Brent,

    If you are testing this with the master admin account, I have a feeling you cannot lock it out. The reason I suspect this to be the case is that other users can't generally see the master admin account so wouldn't be able to unlock it should it get locked.

    Try creating a second "admin" user and seeing if that user locks out or not.

    Nik

  • Brent 28 posts 239 karma points
    Aug 11, 2017 @ 17:30
    Brent
    0

    Just checked with other users.

    It seems it does this regardless of the profile of the end user.

    Profiles:

    Admin; Editor; Writer; [Translator]; [Publisher]; [Auditor]

    I also tried creating an administrator and it still has the same effect... Any suggestions?

  • Brent 28 posts 239 karma points
    Aug 17, 2017 @ 13:34
    Brent
    0

    Perhaps it may be better to try to upgrade the system altogether. Maybe that may fix whatever issues we are having right now. But before I go that route, do you guys know is it more stable to set password requirements in the later versions?

  • Brent 28 posts 239 karma points
    Aug 18, 2017 @ 14:31
    Brent
    0

    The only thing different between my webconfig file and the latest version is this:

    (LATEST VERSION OF UMBRACO) Umbraco.Web.Security.Providers.UsersMembershipProvider

    (CURRENTLY IN USE) umbraco.providers.UsersMembershipProvider

  • Brent 28 posts 239 karma points
    Aug 18, 2017 @ 14:42
    Brent
    0

    Doesn't work. It's for something that isn't in Umbraco 4.

  • Brent 28 posts 239 karma points
    Aug 29, 2017 @ 18:27
    Brent
    100

    Because I'm continued having this issue with Umbraco 4, I have upgraded. So far so good. The specs work for the new version. Just got to finish getting the website to show properly.

Please Sign in or register to post replies

Write your reply to:

Draft