Ivan Fioravanti - 238 - Aug 26, 2014

Today we’ve updated our project to v4.0.30 and we’re facing issues with our Locked account logic. We had overridden the AssertNotLocked method in our custom provider, but now in last release locked out logic is “hardcoded” in ValidateAccount method:
" var isLocked = userAuth.LockedDate != null;
            if (isLocked)
                return authService.Redirect(session.ReferrerUrl.AddHashParam(“f”, “AccountLocked”));

Why this? Can’t ValidateAccount still call the AssertotLocked method in order to being able to override its logic without having to override the whole ValidateAccount method?


AssertNotLocked throws an error, whereas ValidateAccount returns a custom response redirect. It was added because it was requested that Account Locking apply to all AuthProviders (i.e. not just CredentialsAP). I’ll remove AssertNotLocked and make a smaller overridable API like IsAccountLocked() that you can override instead.

Ivan Fioravanti:

Yes, IsAccountLocked() is a perfect solution!  Thanks!

Hey Ivan, I’ve made the suggested change in this commit: https://github.com/ServiceStack/ServiceStack/commit/8177265e5f77c73291bf745fb2865098bb6d4dc2
Which has now been deployed to MyGet: https://github.com/ServiceStack/ServiceStack/wiki/MyGet
v4.0.31 is expected to be on NuGet early next week.