+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Locked out users / accounts

Locked out users / accounts

6 posts, 1 answered
  1. Jon
    Jon avatar
    22 posts
    Registered:
    11 Mar 2010
    18 Mar 2010
    Link to this post
    In another thread: Extending the membership provider , there was some mention of a way to determine if an account is locked out.

    "Since we use ASP.NET Membership provider, you can unlock an user as it is shown in this MSDN article - MembershipUser.IsLockedOut Property . "

    I have been considering adding this type of functionality to my user page so that admins can unlock any other locked out account.

    Do you happen to have any code snippets, insights, or possible plans to add this into future releases?


    Thanks

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    18 Mar 2010
    Link to this post
    Hello Jon,

    You can implement disabling/enabling users in Sitefinity 3.x. Below are the steps you have to follow

    1. Add TemplateField with LinkButton control inside users GridView control declared under ~/Sitefinity/Admin/CmsAdmin/Users.aspx

    <asp:GridView ID="GridView1" AllowPaging="true" AllowSorting="true" PageSize="20"
                           AutoGenerateColumns="false" GridLines="none" CssClass="listItems" runat="server">
                           <Columns>
                               <asp:TemplateField ItemStyle-CssClass="check">
                                   <HeaderTemplate>
                                       <asp:CheckBox ID="checkAll" runat="server" /></HeaderTemplate>
                                   <ItemTemplate>
                                       <asp:CheckBox runat="server" ID="rowCheck" /></ItemTemplate>
                               </asp:TemplateField>
                               <asp:BoundField DataField="UserName" SortExpression="UserName" HeaderText="Username"
                                   HeaderStyle-CssClass="GridHeader_SiteFinity">
                                   <ItemStyle CssClass="gridContentTitle" />
                               </asp:BoundField>
                               <asp:BoundField DataField="Email" SortExpression="Email" HeaderText="Email" HeaderStyle-CssClass="GridHeader_SiteFinity" />
                               <asp:BoundField DataField="CreationDate" SortExpression="CreationDate" HeaderText="Creation Date"
                                   HeaderStyle-CssClass="GridHeader_SiteFinity" DataFormatString="{0:dd MMM yyyy, hh:mm}"
                                   HtmlEncode="false" />
                               <asp:ButtonField ButtonType="Link" CommandName="Select" Text="Profile" AccessibleHeaderText="Profile">
                                   <ItemStyle CssClass="gridActions" />
                               </asp:ButtonField>
                               <asp:ButtonField ButtonType="Link" CommandName="Delete" Text="Delete" AccessibleHeaderText="Delete">
                                   <ItemStyle CssClass="gridActions delete" />
                               </asp:ButtonField>
                                 <asp:TemplateField AccessibleHeaderText="DisableUser">
                                   <ItemTemplate>
                                       <asp:LinkButton runat="server" ID="DisableUser" Text="DisableUser" ToolTip="DisableUser" CommandName="DisableUser" CommandArgument='<%# Eval("UserName") %>'></asp:LinkButton>
                                   </ItemTemplate>
                               </asp:TemplateField>
                           </Columns>
                       </asp:GridView>

    2. Set CommandName and CommandArgument to the LinkButton.

    3.  On PageLoad get the List container of the ManageUsers control and subscribe for RowCommand event of the GridView

    Telerik.Security.WebControls.ManageUsers.ListContainer listContainer = manageUsers.GetCurrentContainer() as Telerik.Security.WebControls.ManageUsers.ListContainer;
         if (listContainer != null)
         {
             listContainer.Grid.RowCommand += new GridViewCommandEventHandler(Grid_RowCommand);
         }

    4. Get the UserName form the CommandArgument and disable/enable the user

    void Grid_RowCommand(object sender, GridViewCommandEventArgs e)
    {
        if (e.CommandName == "DisableUser")
        {
             
            MembershipUser user = Membership.GetUser(e.CommandArgument.ToString());
            if (user != null)
            {
                user.IsApproved = false;
                Membership.UpdateUser(user);
            }
        }
    }


    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Jon
    Jon avatar
    22 posts
    Registered:
    11 Mar 2010
    19 Mar 2010
    Link to this post
    Very helpful. Thank you.

    I've tried this code and it works great. I do have one last thought / question.

    Would it be possible to change the gridview item from a single action disable / enable, to the current status with the click being a toggle.

    I feel comfortable coding the toggle function given your great example above, but am having issues trying to access the status from a gridview. That's outside my expertise.

    Many thanks.
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    19 Mar 2010
    Link to this post
    Hello Jon,

    IsApproved is a boolean type, so you can get true or false values. You could create an additional column to  GridView, sibscribe for ItemCreated event and populate the Text value of a Label.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
    Answered
  5. Jon
    Jon avatar
    22 posts
    Registered:
    11 Mar 2010
    24 Mar 2010
    Link to this post
    I'll mark it as answered knowing I'm going to supply the end results of my solution for someone else who might have to face a situation where a user account could be either:

    locked out (due to security settings from the web config) user.IsLockedOut
    authorized (not due to too many invalid password attempts)  user.IsApproved

    A caveat with IsLockedOut, if the time window has elapsed, a false indicator will be set that the account is locked out, but if you attempt a login, it will allow you access. That is why I do a time check too.

    We all know each person takes their own approach, here is my current method:


    \Sitefinity\Admin\CmsAdmin\Users.aspx
                                    <asp:ButtonField ButtonType="Link" CommandName="Delete" Text="Delete" AccessibleHeaderText="Delete">
                                        <ItemStyle CssClass="gridActions delete" />
                                    </asp:ButtonField>
    <!-- Above is existing code -->
                                   <asp:TemplateField HeaderText="Locked Out">
                                        <ItemTemplate>
                                            <asp:LinkButton CssClass="gridActions" runat="server" ID="UnlockUser" Text='<%# LockStatusOptionUser(Eval("UserName")) %>' ToolTip="Click to Unlock" CommandName="UnlockUser" CommandArgument='<%# Eval("UserName") %>'></asp:LinkButton>
                                        </ItemTemplate>
                                    </asp:TemplateField>
                                    <asp:TemplateField AccessibleHeaderText="Account Status" HeaderText="Account Status" >
                                        <ItemTemplate>
                                            <asp:Label ID="StatusofUser" runat="server" Text='<%# StatusUser(Eval("UserName")) %>'></asp:Label> (<asp:LinkButton runat="server" ID="EnableUser" Text="Enable" ToolTip="EnableUser" CommandName="EnableUser" CommandArgument='<%# Eval("UserName") %>'></asp:LinkButton> /
                                           <asp:LinkButton runat="server" ID="DisableUser" Text="Disable" ToolTip="DisableUser" CommandName="DisableUser" CommandArgument='<%# Eval("UserName") %>'></asp:LinkButton>)
                                        </ItemTemplate>
                                    </asp:TemplateField>


    \Sitefinity\Admin\CmsAdmin\Users.aspx.cs
    public string LockStatusUser(object UserName)
    {
     
        MembershipUser user = Membership.GetUser(UserName.ToString());
     
        bool LockStatus = user.IsLockedOut;
     
        DateTime LastLockoutTime = user.LastLockoutDate;
        DateTime TheCurrentTime = System.DateTime.Now;
        TimeSpan TimeDifference = TheCurrentTime - LastLockoutTime;
        double TimeString = TimeDifference.TotalMinutes;
     
        int passwordAttemptWindow = System.Web.Security.Membership.PasswordAttemptWindow;
     
     
     
        if (LockStatus)
        {
            if (TimeString >= passwordAttemptWindow)
            {
                //UnlockUser(UserName.ToString());
                //Lock window has passed, user will be able to login.
                return "Unlocked";
            } else {
                return "Locked";
            }
        }
        else
        {
            return "Unlocked";
        }
    }
     
    public string LockStatusOptionUser(object UserName)
    {
     
        MembershipUser user = Membership.GetUser(UserName.ToString());
     
        bool LockStatus = user.IsLockedOut;
     
        DateTime LastLockoutTime = user.LastLockoutDate;
        DateTime TheCurrentTime = System.DateTime.Now;
        TimeSpan TimeDifference = TheCurrentTime - LastLockoutTime;
        double TimeString = TimeDifference.TotalMinutes;
     
        int passwordAttemptWindow = System.Web.Security.Membership.PasswordAttemptWindow;
     
     
     
        if (LockStatus)
        {
            if (TimeString >= passwordAttemptWindow)
            {
                //UnlockUser(UserName.ToString());
                //Lock window has passed, user will be able to login.
                return "";
            }
            else
            {
                return "Locked";
            }
        }
        else
        {
            return "";
        }
    }
     
    public string StatusUser(object UserName)
    {
     
        MembershipUser user = Membership.GetUser(UserName.ToString());
     
        bool LockStatus = user.IsApproved;
     
        if (LockStatus)
        {
            return "Active";
        }
        else
        {
            return "Inactive";
        }
    }
     
     
    public void UnlockUser(string UserName) {
        MembershipUser user = Membership.GetUser(UserName);
        if (user == null && !user.IsLockedOut)
        {
            return;
        }
        else
        {
            user.UnlockUser();
            Response.Redirect(Request.RawUrl);
        }
    }
     
    void Grid_RowCommand(object sender, GridViewCommandEventArgs e)
    {
     
     
     
        if (e.CommandName == "DisableUser")
        {
     
            MembershipUser user = Membership.GetUser(e.CommandArgument.ToString());
            string CurrentUsername = user.UserName;
     
            if (user != null)
            {
                user.IsApproved = false;
                Membership.UpdateUser(user);
                Response.Redirect(Request.RawUrl);
            }
        }
        if (e.CommandName == "EnableUser")
        {
     
            MembershipUser user = Membership.GetUser(e.CommandArgument.ToString());
            string CurrentUsername = user.UserName;
     
            if (user != null)
            {
                user.IsApproved = true;
                Membership.UpdateUser(user);
                Response.Redirect(Request.RawUrl);
            }
        }
     
        if (e.CommandName == "UnlockUser")
        {
     
            MembershipUser user = Membership.GetUser(e.CommandArgument.ToString());
     
            string CurrentUsername = user.UserName;
     
            if (user != null)
            {
     
                UnlockUser(CurrentUsername);
                bool StatusLockUser = user.IsLockedOut;
     
                Response.Redirect(Request.RawUrl);
     
            }
        }
    }



  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    24 Mar 2010
    Link to this post
    Hello Jon,

    Thanks for getting back here and sharing the final code.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Register for webinar
6 posts, 1 answered