thanx Anirudh for your suggestions.
On Sep 15, 6:07 pm, "Anirudh (Google)" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> On second thoughts, it would be better not to relay the
> 'loginAttempts' between client/server and maintain it using ASP.NET
> session state instead to keep it secured.
>
> -Anirudh
>
> On Sep 15, 12:28 pm, "Anirudh (Google)" <[EMAIL PROTECTED]> wrote:
>
>
>
> > Hi,
>
> > Your understanding is correct on the sequence of events.
> > On failed authentication attempts, it is really a business choice
> > whether to redirect to an error page and lock the user account or to
> > let the users retry. For example, you can choose to allow users to
> > attempt to login say three times and then decide to lock the user
> > account in your system for sometime.
>
> > This can be achieved by saving the SAMLRequest and RelayState in UI
> > fields as done in the demo along with an additional Login attempts
> > count variable. I do not have code for the same but it should be
> > fairly simple to implement
>
> > The if..else block would look like:
>
> > if ( Int.parse(Request['loginAttempts'] ) > 3 )
> > {
> > //lock user account
> > // redirect to error page}
>
> > else
> > {
> > //try authentication
> > if ( invalid credentials )
> > {
> > //redirect to login page again incrementing loginAttempts and
> > sending it along with SAMLRequest and RelayState
>
> > }
> > else
> > {
> > SetUpGoogleLoginForm( username );
> > }
>
> > }
>
> > But like i said, it is an option based on your business/use case.
>
> > -Anirudh
>
> > On Sep 12, 11:27 am, eiklin <[EMAIL PROTECTED]> wrote:
>
> > > Hi,
>
> > > i am looking at the source code of the .NET Single Sign-On sample that
> > > is currently at version 1.0.1.
>
> > > i noticed that we are supposed to perform our custom authentication
> > > method to verify the userid and password, and if the custom
> > > authentication is successful, the program should then call the
> > > SetupGoogleLoginForm(username) function.
>
> > > I noticed also that the above is not in the form of a if.. else..
> > > statement, so may I know what is the recommended action to take in the
> > > event that the custom authentication is not successful? Do a
> > > redirection or retry the authentication? I would appreciate if you
> > > could also provide the corresponding code for implementing the
> > > suggested method.
>
> > > thank you very much,- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Apps APIs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/google-apps-apis?hl=en
-~----------~----~----~----~------~----~------~--~---
