Hello All,
I want to block the user based on the invalid login attempt.
We have used the inbuilt Dologin action.
Currently, It is blocking the user based on the IP, But i need to block user from login itself.
Blocked user should not be able to login in any device.
I have saw some forum post
https://www.outsystems.com/forums/discussion/37154/can-we-customize-the-user-login-failure-attempts-and-the-time-of-next-login/
Is there is any way, that we can able to achieve in configuration itself
Regards,
Ellakkiya.S
Hi Ellakkiya,
You can deactivate the user. That will prevent him / her to login again. The only way to have him back is to inactivate him / her.
You can update the Is_Active attribute from the User entity, for that particular user, of course.
Kind Regards,João
Hello João Marques,
Thankyou for reply
But after 60mins, that user should be active and can able to login again.
if i implement this logic "update the Is_Active attribute from the User entity, for that particular user "
So, to activate that user again, do i need to create any seperate timer? or
outsystems will handle it? as now it is happening of one particluar ip
You can create a BPT with a waiting activity to unblock it after 60 minutes.
In any case, OutSystems Users login has brute force protection not only per IP but also per username.
You can control its site properties to set the backoffs timing, and to achieve this.
Now that I better understand your need, I think you should be able to achieve that, by configuring it according to your needs, rather than implementing a more custom solution as the one I suggested earlier with the BPT
Take a look at this comprehensive documentation on protection against brute force, step by step, with screenshots.
You can update the Is_Active attribute from the User entity .
Regards
Suchita Khandelwal