Kentico CMS 7.0 Developer's Guide

Unlocking an account

Unlocking an account

Previous topic Next topic Mail us feedback on this topic!  

Unlocking an account

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

A user account can be locked for one of the following reasons:


The user's password expires.

The user reaches the limit of invalid logon attempts.


The following text describes how you can provide users with means to unlock their accounts.


Password expired


When an account is locked due to password expiration, the particular user will be required to change their password in order to unlock their account. To learn how to facilitate that, refer to the Password expiration topic.


Alternatively, you can extend the password's validity, as described in the Password expiration topic.


Invalid logon attempts exceeded


When an account is locked due to exceeding the number of invalid logon attempts, the particular user will have to manually unlock their account. You can enable them to do that by directing them to the ~/CMSModules/Membership/CMSPages/UnlockUserAccount.aspx page.


Alternatively, you can create a custom page for unlocking accounts, on which you can place one of the following components:


Unlock user account web part - a web part you can use in the Portal engine development model.

UnlockUserAccount control - an alternative to the Unlock user account web part, which can be placed on an ASPX page. The control is located in ~/CMSModules/Membership/Controls/UnlockUserAccount.ascx.




You can then specify whether you want users to receive an e-mail notifying them that their account has been locked in the Send unlock account e‑mail setting. The notification e‑mail uses the Membership - User account locked template. You can inset a link to the account unlock page with the {% UnlockAccountUrl %} macro.


Users can also be notified directly when logging in. To enable this option, set the Display account lock information message setting to true. However, enabling this feature is not recommended, since it can reveal to a potential attacker the fact, that they've managed to lock a user's account.