7

i'm new and using the login control with the ASPNETDB visual studio generated user database

i set a maximum bad password count of 5 in web.config and tested to the point that an account was locked out. i am however unable to figure out how to unlock the account now.

this problem is on my remotely hosted site, so this isn't something i can do with the visual studio asp.net configuration tool

some c# code i could run in the .cs page_load, that would let me input the username and have it unlocked would be great. then i could make a form to do it later when i need to easily.

thanks in advance for any help.

korben
  • 71
  • 1
  • 2

5 Answers5

12
  MembershipUser usr = Membership.GetUser(userName);
  usr.UnlockUser();
Brian
  • 1,845
  • 1
  • 22
  • 37
8

Manually, in the database, go to the aspnet_membership table, set FailedLoginPasswordAttemptCount (something similarly named) to zero and set IsLockedOut to 0 (false).

We created a custom security screen to manage these in several of my apps, or you can use a component like mentioned in the other posts.

HTH.

Brian Mains
  • 50,520
  • 35
  • 148
  • 257
1

Have you tried changing the Web.config to extend the lockout time to "more attempts" or something like that? Maybe it will let you in that way.

I wouldn't know any CSharp code for you, but a tool that I use is the Quality Data membership Manager Control where I can manage membership (including lock status) through a web form.

While this will not help you right now, it should help you in the future. Also, once you can login (after your lockout expires) again, I would suggest removing the lockout info from the Web.config until you're ready to go live. Extensive testing of your application is bound to get you locked out again and again.

Chase Florell
  • 46,378
  • 57
  • 186
  • 376
1

I have some really old (ugly) code from an app I built a few years back. It's pretty much a hack up of a gridview control which uses the aspnet_Membership_UnlockUser stored proc as the delete command with the key set as the username of the locked out user in the gridrow. I didn't even use C#. Here's what I have:

<asp:Label runat="server" ID="LblLockedUsers" Text="Locked Out Users:" />

<asp:SqlDataSource ID="SqlLockedUsers" runat="server" ConnectionString='<%$ ConnectionStrings:myConnString %>'
SelectCommand="selLockedOutUsers" SelectCommandType="StoredProcedure" DeleteCommand="aspnet_Membership_UnlockUser"
DeleteCommandType="StoredProcedure" />

<asp:GridView ID="GvLockedUsers" runat="server" AllowPaging="True" PageSize="5" AutoGenerateColumns="False"
DataKeyNames="UserName" DataSourceID="SqlLockedUsers" AllowSorting="True" GridLines="None"
Width="100%">
  <Columns>
    <asp:TemplateField>
      <ItemTemplate>
        <asp:LinkButton ID="LnkUnlock" CommandArgument='<%# Eval("UserName") %>' CommandName="Delete" runat="server">Unlock</asp:LinkButton>
      </ItemTemplate>
    </asp:TemplateField>
    <asp:BoundField DataField="UserName" HeaderText="User Name" ReadOnly="True" SortExpression="UserName" />
    <asp:CheckBoxField DataField="IsLockedOut" HeaderText="Locked Out" ReadOnly="True" SortExpression="IsLockedOut" />
    <asp:BoundField DataField="LastLockoutDate" HeaderText="Last Lockout" SortExpression="LastLockoutDate" ReadOnly="True" />
    <asp:BoundField DataField="failedPasswordAttemptCount" HeaderText="Failed Password Attempts" SortExpression="failedPasswordAttemptCount" ReadOnly="True" />
  </Columns>
  <EmptyDataTemplate>
    No users are locked out at this time.
  </EmptyDataTemplate>
</asp:GridView>

Here's the old stored proc I wrote which is used by the gridview. This all can be done so much better, but this is what I did back then and it works well.

CREATE PROCEDURE [dbo].[selLockedOutUsers]

AS

SELECT 
m.ApplicationId as applicationId,
a.ApplicationName as applicationName,
m.UserId as userId,
u.UserName as UserName,
m.IsLockedOut as isLockedOut,
m.LastLoginDate as lastLoginDate,
m.LastLockoutDate as lastLockoutDate,
m.FailedPasswordAttemptCount as failedPasswordAttemptCount

FROM 
aspnet_Membership m 
JOIN aspnet_Users u ON m.UserId = u.UserId
JOIN aspnet_Applications a ON m.ApplicationId = a.ApplicationId

WHERE 
m.IsLockedOut = '1'

Here's my modified aspnet_Membership_UnlockUser stored proc. As you can see, I removed the app name parameter and just set it in the proc manually. That way I only need to pass the username as a parameter.

ALTER PROCEDURE [dbo].[aspnet_Membership_UnlockUser]
    --@ApplicationName                         nvarchar(256), --replaced with '/'
    @UserName                                nvarchar(256)
AS
BEGIN
    DECLARE @UserId uniqueidentifier
    SELECT  @UserId = NULL
    SELECT  @UserId = u.UserId
    FROM    dbo.aspnet_Users u, dbo.aspnet_Applications a, dbo.aspnet_Membership m
    WHERE   LoweredUserName = LOWER(@UserName) AND
            u.ApplicationId = a.ApplicationId  AND
            LOWER('/') = a.LoweredApplicationName AND
            u.UserId = m.UserId

    IF ( @UserId IS NULL )
        RETURN 1

    UPDATE dbo.aspnet_Membership
    SET IsLockedOut = 0,
        FailedPasswordAttemptCount = 0,
        FailedPasswordAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
        FailedPasswordAnswerAttemptCount = 0,
        FailedPasswordAnswerAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
        LastLockoutDate = CONVERT( datetime, '17540101', 112 )
    WHERE @UserId = UserId

    RETURN 0
END
BueKoW
  • 926
  • 5
  • 18
  • 33
0

This tutorial might help, you might have to go through the series quickly:

Unlocking and Approving User Accounts

Asad
  • 21,468
  • 17
  • 69
  • 94