Jiwa

indikad wrote:I need to be able to stop a user login on to Jiwa (using a plugin - given certain criteria of the attempted user id )
- or if this not possible - just close Jiwa after the login is complete is also acceptable.

any ideas please ?

Code: Select all

Public Class ApplicationManagerPlugin
    Inherits System.MarshalByRefObject
    Implements JiwaApplication.IJiwaApplicationManagerPlugin

    Public Overrides Function InitializeLifetimeService() As Object
        ' returning null here will prevent the lease manager
        ' from deleting the Object.
        Return Nothing
    End Function

    Public Sub Setup(ByVal Plugin As JiwaApplication.Plugin.Plugin) Implements JiwaApplication.IJiwaApplicationManagerPlugin.Setup
      ' This is called as part of the login process, or we could of added a handler for the JiwaApplication.Manager.Instance.LoggedOn event.         
      If JiwaApplication.Manager.Instance.Staff.Username = "Anne" Then
         Application.Exit
      End If
    End Sub

End Class

indikad wrote:Mike , Thanks for he help on this

As part of this implementation - I am trying to count unsuccessful user login attempts and lock the user out for a certain period after a number of attempts.

I cannot seem to see a "before loggin in" event.

Is this possible using a plugin?

There are some problems in implementing this via plugin.

The most significant is that a bad login means that the application could not obtain the SQL credentials required to login and thus no plugins have been read at this point - so no event introduced will allow failed logins to be counted.

Instead, I've introduced a new table SY_LoginAudit - we log into that table each failed login attempt. We are doing this using the JiwaLogin SQL user - it has been modified to include INSERT only access to SY_LoginAudit. So the JiwaLogin SQL user now has SELECT access on HR_Staff and INSERT access to SY_LoginAudit.

To disable jiwa accounts after 5 bad password attempts within a 5 minute window, this trigger will do that:

Code: Select all

CREATE TRIGGER SY_LoginAudit_LockOutAfter5FailedLoginsIn5Mins
   ON SY_LoginAudit
   AFTER INSERT
AS
BEGIN
   SET NOCOUNT ON;

   DECLARE @FailCount INT
   DECLARE @AuditResult SMALLINT
   DECLARE @UserName VARCHAR(50)

   /*Public Enum AuditResults
        Success = 0
        FailureUserNotFound = 1
        FailureAccountIsDisabled = 2
        FailureAuthenticationModeNotPermitted = 3       
        FailureInvalidPassword = 4
    End Enum*/

   SELECT @AuditResult = i.AuditResult, @UserName = i.UserName
   FROM inserted i

   SELECT @FailCount = COALESCE(COUNT(*), 0)
   FROM inserted i
   JOIN HR_Staff ON HR_Staff.Username = i.UserName
   JOIN SY_LoginAudit ON SY_LoginAudit.UserName = i.UserName
   WHERE SY_LoginAudit.AuditResult = 4 -- 4 = Bad Password
   AND SY_LoginAudit.AuditDateTime BETWEEN DATEADD(MINUTE, -5, GETDATE()) AND GETDATE()

   IF @FailCount >= 4 AND @AuditResult = 4
      -- This will be the 5th bad password in 5mins
      UPDATE HR_Staff      
      SET HR_Staff.ActiveLogIn = 0
      WHERE HR_Staff.Username = @UserName
END
GO