Block user after three invalid login attempts

I’m currently working on a project where one of the requirements is blocking a user after three invalid login attempts. What is the best way to implement this feature?

On the other hand, how can I force users to change the password the first time they log in?

For the first:
If it’s just end users that you’re worried about, I would build a ‘fake’ login screen for the project. That is, the Ignition project would automatically log in some ‘guest’ user or something similar, and have a simple window with a login/password and a submit button. Then you could use the system.security.switchUser function to check whether it’s a valid user. It would be pretty easy to add some scripting to that login window to ‘count’ the failed login attempts and then perform whatever other action you want.

For the second:
I would recommend a DB-driven user source. You could set it up in automatic mode to get the tables that you need for a basic structure, then change to manual mode and add a ‘temporary’ column to the authentication table. Thus, your validation (probably on the same pseudo-login screen) could check the value of that ‘temporary’ column, and immediately prompt the user for a new password upon logging in.
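A sketch of the counting and ‘temporary’ flag checks described in the answer above, as an added example that is not part of the original posts and not Ignition's own code. The `LoginGate` class, its callbacks and the sample user are hypothetical; in a project, `authenticate` would wrap system.security.switchUser and `is_temporary` would read the added column.

```python
MAX_FAILURES = 3  # threshold from the question

class LoginGate(object):
    """Per-user failed-login counter plus a forced-password-change check."""

    def __init__(self, authenticate, is_temporary, max_failures=MAX_FAILURES):
        # Both callbacks are injected (assumption): authenticate(user, pw) -> bool,
        # is_temporary(user) -> bool.
        self._authenticate = authenticate
        self._is_temporary = is_temporary
        self._max = max_failures
        # Kept in memory here; a counter that lives only in the login window
        # resets when the client restarts, so a project would persist it.
        self._failures = {}

    def attempt(self, username, password):
        # Count per normalized name so "Operator" and "operator" share a counter
        # (assumes the user source treats names case-insensitively).
        key = username.strip().lower()
        if self._failures.get(key, 0) >= self._max:
            return "locked"  # blocked: the password is not even tested
        if not self._authenticate(key, password):
            self._failures[key] = self._failures.get(key, 0) + 1
            return "locked" if self._failures[key] >= self._max else "invalid"
        self._failures.pop(key, None)  # a successful login resets the counter
        return "change_password" if self._is_temporary(key) else "ok"

    def unblock(self, username):
        # Administrative reset of a blocked account.
        self._failures.pop(username.strip().lower(), None)

# Constructed sample user source, standing in for the DB-driven tables.
USERS = {"operator": {"password": "Start123", "temporary": True}}

def sample_authenticate(user, password):
    record = USERS.get(user)
    return record is not None and record["password"] == password

def sample_is_temporary(user):
    return USERS[user]["temporary"]

if __name__ == "__main__":
    gate = LoginGate(sample_authenticate, sample_is_temporary)
    for pw in ("bad1", "bad2", "bad3", "Start123"):
        print(gate.attempt("operator", pw))
```
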

Thanks for your quick answer, Paul.

What about implementing Active Directory with the same requirements? What issues could arise?