AuthenticationService.ValidateUser

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
2/1/2012 2:19:22 AM
aghlara
Gravatar
Total Posts 1
View Posts

AuthenticationService.ValidateUser

Hi Joe,

Thank you for the awesome system you and the team have developed.

I have a problem with AuthenticationService; I have a user locked out and still Validate method returns true. I checked the source code and in the comment it is mentioning the LockOut users will not be validated though.

Can you help me with this mystery?

Regards,

Arash

2/2/2012 7:36:48 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: AuthenticationService.ValidateUser

Hi Arash,

You are right. The reason we don't return false there is that it results in the generic authnetication failed message which is not very helpful to the user, so instead we enforce it from SiteLogin.cs in the SiteLogin_LoggingIn event we check if the account is locked and if so we cancel the login. This allows us to show a more meaningful error to the user indicating the account is locked whereas if we just return false from validateuser it will result in a less helpful generic error that authentication failed.

However, I realize that if you are using the AuthenticationService you may wish to make it return false there, so I've added a config setting to enable that for you. If you get the latest code, you can add this to your user.config to make it return false from validateuser if the account is locked:

<add key="MembershipProvider:ReturnFalseInValidateUserIfAccountLocked" value="true" />

Hope that helps,

Joe

You must sign in to post in the forums. This thread is closed to new posts.