The users in Sitefinity CMS are represented by the Telerik.Sitefinity.Security.Model.User class. It exposes the following properties for storage of user-related information:
The User class also exposes a set of properties providing statistical information about the user. For more information, read For developers: User statistics.
In order to be able to login, a user must be approved. To approve a user, you must set its IsApproved property to true. When creating a user through the API, the value of this property is false. You must explicitly set it to true, when you want to approve the user. This allows you to create scenarios, where the newly registered user must perform some action before he gets approved.
Backend users are user that are allowed to login to the backend of the Sitefinity CMS application. Users that are not backend users, are only authenticated for the frontend content of the site.
To grant a user access to the backend of the application, you must set its IsBackendUser property to true.
In Sitefinity CMS, each user is allowed a limited amount of failed logins for a specified attempt time window. When the limit is exceeded, the user gets locked, and cannot log in until the attempt window expires. The lockout can be caused by either wrong password or wrong password answer inputs.
For example, the provider is configured to allow maximum of 5 login attempts for a window of 10 minutes. A user tries to login at 12:00 PM and fails. The start of the attempt window is 12:00 PM. If the user fails to login 4 more times before 12:10 PM, the user will get locked out. If the user gets locked out, he will be able to log in after the attempt window expires – after 12:10 PM.
The maximum number of attempts and the attempt window are defined by the membership provider. To modify their values through the backend perform the following:
To determine whether to lock or unlock a user, you use the following values:
To lock a user, set the IsLockedOut property of the User object to true. To unlock it, call the UnlockUser method of the UserManager class and pass the locked user as argument. When you authenticate a user, the logic for locking and unlocking the user is executed internally. For more information about authentication, read For developers: Authenticate users.
The user profile wraps the user and stores additional information such as first name, last name, avatar, etc. When creating a user, you must also create a user profile. For more information, read For developers: User profiles.
Back To Top