I need to be able to stop a user login on to Jiwa (using a plugin - given certain criteria of the attempted user id )
- or if this not possible - just close Jiwa after the login is complete is also acceptable.
any ideas please ?
indikad wrote:I need to be able to stop a user login on to Jiwa (using a plugin - given certain criteria of the attempted user id )
- or if this not possible - just close Jiwa after the login is complete is also acceptable.
any ideas please ?
Public Class ApplicationManagerPlugin
Inherits System.MarshalByRefObject
Implements JiwaApplication.IJiwaApplicationManagerPlugin
Public Overrides Function InitializeLifetimeService() As Object
' returning null here will prevent the lease manager
' from deleting the Object.
Return Nothing
End Function
Public Sub Setup(ByVal Plugin As JiwaApplication.Plugin.Plugin) Implements JiwaApplication.IJiwaApplicationManagerPlugin.Setup
' This is called as part of the login process, or we could of added a handler for the JiwaApplication.Manager.Instance.LoggedOn event.
If JiwaApplication.Manager.Instance.Staff.Username = "Anne" Then
Application.Exit
End If
End Sub
End Class
indikad wrote:Mike , Thanks for he help on this
As part of this implementation - I am trying to count unsuccessful user login attempts and lock the user out for a certain period after a number of attempts.
I cannot seem to see a "before loggin in" event.
Is this possible using a plugin?
There are some problems in implementing this via plugin.
The most significant is that a bad login means that the application could not obtain the SQL credentials required to login and thus no plugins have been read at this point - so no event introduced will allow failed logins to be counted.
Instead, I've introduced a new table SY_LoginAudit - we log into that table each failed login attempt. We are doing this using the JiwaLogin SQL user - it has been modified to include INSERT only access to SY_LoginAudit. So the JiwaLogin SQL user now has SELECT access on HR_Staff and INSERT access to SY_LoginAudit.
To disable jiwa accounts after 5 bad password attempts within a 5 minute window, this trigger will do that:
- Code: Select all
CREATE TRIGGER SY_LoginAudit_LockOutAfter5FailedLoginsIn5Mins
ON SY_LoginAudit
AFTER INSERT
AS
BEGIN
SET NOCOUNT ON;
DECLARE @FailCount INT
DECLARE @AuditResult SMALLINT
DECLARE @UserName VARCHAR(50)
/*Public Enum AuditResults
Success = 0
FailureUserNotFound = 1
FailureAccountIsDisabled = 2
FailureAuthenticationModeNotPermitted = 3
FailureInvalidPassword = 4
End Enum*/
SELECT @AuditResult = i.AuditResult, @UserName = i.UserName
FROM inserted i
SELECT @FailCount = COALESCE(COUNT(*), 0)
FROM inserted i
JOIN HR_Staff ON HR_Staff.Username = i.UserName
JOIN SY_LoginAudit ON SY_LoginAudit.UserName = i.UserName
WHERE SY_LoginAudit.AuditResult = 4 -- 4 = Bad Password
AND SY_LoginAudit.AuditDateTime BETWEEN DATEADD(MINUTE, -5, GETDATE()) AND GETDATE()
IF @FailCount >= 4 AND @AuditResult = 4
-- This will be the 5th bad password in 5mins
UPDATE HR_Staff
SET HR_Staff.ActiveLogIn = 0
WHERE HR_Staff.Username = @UserName
END
GO
Return to Technical and or Programming
Users browsing this forum: No registered users and 9 guests