|
 Friday, December 29, 2006 |
| The user account has been locked out |
|
I came across this error today in the user management page of one of my web applications. I have a grid that I’m filling with all the users in the system along with their information. In this grid I am also showing the passwords for each user. I know, not the best security. However, I am using SSL.
The error occurred when a user got locked out and then the administrator tried to go in and view the grid of users. When the code tried to retrieve the password for the locked out user, a MembershipPasswordException error was thrown. You can’t retrieve certain information for a user in ASP.NET 2.0 when that user has been locked. In the ASPNET_Membership table the column is IsLockedOut. When this column is set to 1 for a user in the table, you will not be able to retrieve the password.
A user gets locked out when they have too many failed login attempts and usually only get locked out for 10 minutes unless you’ve changed it to be a longer period.
In order to get around this error, I have to check if the user is locked out before trying to retrieve their password. If they are locked out I just call the UnlockUser method off of the membershipuser object. The following code illustrates this.
For Each user As MembershipUser In memberList
If user.IsLockedOut = True Then user.UnlockUser() |
jeremy at 3:57 PM |
(10) Comments |
Add a comment |
Permalink
|
|
|
|