Security and password rules setup
This article relate to DVI 5 forms security (username and password login). In a windows authentication (AD) setup, rules for security are controlled by the Active Directory administrator.
Rules for configuring security rules is now located in the web.config file in the applicationSettings.Plass.Id.Web.Properties.Settings:
The following parameters can be configured:
- PasswordRulesRequireNonLetterOrDigit
Passwords must contain at least one character different from numeric or letter values e.g. the @ sign.
- PasswordRulesRequireDigit
Password must contain at least one numeric value.
- PasswordRulesRequiredLength
Defined the minimum password length.
- PasswordRulesRequireLowercase
Password must contain at least one lowercase character
- PasswordRulesRequireUppercase
Password must contain at least one uppercase character
- PasswordRuleHistoryLimit
Defines the number of previous passwords to check for identicality with a new password. If the feature is not wanted, enter the value 0.
- PasswordRulesMaxPasswordChangesPerDay
Defines the number of possible password changes per. day. If this feature is not wanted, enter a unlikely high value, eg. 9999
- PasswordRulesEnforcePasswordExpire
If set to true, passwords have to be changed a least every X day where X i defined by PasswordRulesPasswordExpireDays, otherwise the account is locked out. When the account is locked, only resetting the password will unlock it.
- PasswordRulesPasswordExpireDays
See above
- PasswordRulesUserLockoutEnabledByDefault
If set true, users are locked out if entering incorrect password more than X times, where X is defined by the PasswordRulesMaxFailedAccessAttemptsBeforeLockout setting
- PasswordRulesMaxFailedAccessAttemptsBeforeLockout
Number of times an invalid password can be entered before the account is lockedout.
- PasswordRulesDefaultAccountLockoutMinutes
Number of minutes before the account is unlocked due to invalid login attempts
- PasswordRulesPreventSequentialPasswords
If set true, a new password is compared to the previous password and disallowed if it contains numeric values which differ +/-1 compared to the numeric values used in the old password.
- PasswordRulesEnforceInactivityLockout
If set true, the "last login date" is validated. If the last login date is older than the number of days defined in the PasswordRulesInactivityLockoutExpireDays setting the account is locked.
The account can be unlocked by reset or change password.
- PasswordRulesInactivityLockoutExpireDays
See above.