Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Brent 13 posts 83 karma points
    14 days ago
    Brent
    0

    Password Requirements for Admin Login

    Dear Community,

    I am working on a client's website, and unfortunately I've never had the pleasure of working with Umbraco before. My only knowledge is in some CSS, HTML, and in Wordpress CMS.

    I'm trying to find a way to change password requirements on the admin login page. I am no C# programmer, but based off my review, it looks like you need that knowledge?

    Can someone please help me? Please?

  • Brent 13 posts 83 karma points
    1 week ago
    Brent
    0

    Does anyone have any suggestions for this code?

    "Right click here to inspect element "

  • Nik 446 posts 1746 karma points
    1 week ago
    Nik
    0

    Hi Brent,

    What exactly do you mean? Are you trying to change the requirements (as in complexity) for the back office users (i.e. users logging into Umbraco) or for the front end users (visitors to the website) ?

    If you are trying to change the password complexity requirements there are two settings that I'm aware of, one for the minimum number of required non-alphanumeric characters and one for the minimum length requirement.

    These are set in the Web config file against the membership providers (one exists for the back office and one exists for the front end users). Search the file for '

    Nik

  • Brent 13 posts 83 karma points
    1 week ago
    Brent
    0

    Thanks for the reply nik. Umbraco 4 is what the client is using. This is the complexity of the passwords for the administrators. By default on a freshly installed umbraco 4 it would be websitename/umbraco. I remember looking into the config file also, just not sure exactly how to change it. Do you have any examples of code that I can see that show what others have done to change theirs? I cant paste the code from it tonight. But I will have access to it again tomorrow.

  • Nik 446 posts 1746 karma points
    1 week ago
    Nik
    0

    Hi Brent,

    Unfortunately, I'm not able to help with Umbraco 4. I've had no experience with using it. The configuration setup for it may well be different from what I've explained above. Hopefully, someone else might be able to shed some light on to it for you.

    Nik

  • Brent 13 posts 83 karma points
    1 week ago
    Brent
    0

    Maybe so, but at this point anything is helpful. Even like what you would type in the config file for 6. The password requirements are bound to be similiar.

    There seriously needs to be a tutorial on setting it. I have seen many posts about it, but there isnt enough for me to understand it...

    Sorry, just dont have any experience with this kind of code.

  • Phill 113 posts 281 karma points
    1 week ago
    Phill
    0

    In v7 and I think v6 you would modify one of the two following lines in the web.config file, depending on if you want to change Member or Users where Users are backoffice admins/editors.

            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="6" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" maxInvalidPasswordAttempts="10" />
        <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="6" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed"/>
    

    Hope that helps a bit. Phill

  • Brent 13 posts 83 karma points
    1 week ago
    Brent
    0

    This does help! Now the last thing I need help with is what code to actually write. Can i write passwordmin=4; passwordmax=9;? What will work?

  • Phill 113 posts 281 karma points
    1 week ago
  • Brent 13 posts 83 karma points
    1 week ago
    Brent
    0

    Ok I think I'm getting the hang of it here. I am just not sure why it's not working. When I try logging in and failing over 20 times it doesn't lock out. I can still login easy and quickly. Can you help? Here's what I have so far:

     <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" maxInvalidPasswordAttempts="3" passwordAnswerAttemptLockoutDuration="30" passwordAttemptWindow="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="1" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" />
    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" maxInvalidPasswordAttempts="3" passwordAnswerAttemptLockoutDuration="30" passwordAttemptWindow="5" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="1" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />
    

    Thanks again for all of your help so far. This has been very helpful.

  • Nik 446 posts 1746 karma points
    1 week ago
    Nik
    0

    Hi Brent,

    If you are testing this with the master admin account, I have a feeling you cannot lock it out. The reason I suspect this to be the case is that other users can't generally see the master admin account so wouldn't be able to unlock it should it get locked.

    Try creating a second "admin" user and seeing if that user locks out or not.

    Nik

  • Brent 13 posts 83 karma points
    1 week ago
    Brent
    0

    Just checked with other users.

    It seems it does this regardless of the profile of the end user.

    Profiles:

    Admin; Editor; Writer; [Translator]; [Publisher]; [Auditor]

    I also tried creating an administrator and it still has the same effect... Any suggestions?

  • Brent 13 posts 83 karma points
    5 days ago
    Brent
    0

    Perhaps it may be better to try to upgrade the system altogether. Maybe that may fix whatever issues we are having right now. But before I go that route, do you guys know is it more stable to set password requirements in the later versions?

  • Brent 13 posts 83 karma points
    4 days ago
    Brent
    0

    The only thing different between my webconfig file and the latest version is this:

    (LATEST VERSION OF UMBRACO) Umbraco.Web.Security.Providers.UsersMembershipProvider

    (CURRENTLY IN USE) umbraco.providers.UsersMembershipProvider

  • Brent 13 posts 83 karma points
    4 days ago
    Brent
    0

    Doesn't work. It's for something that isn't in Umbraco 4.

Please Sign in or register to post replies

Write your reply to:

Draft