First, I must tell you the obvious, and you probably knew this was coming... Please upgrade as soon as humanly possible. There have been a TON of updates since that version of DNN, and we're at 9.11.00 now. That release alone has 13 security updates, and you're missing maybe a dozen others. :)

Anyhow, this should be easy. All you should need to do is access the UserInfo object, then toggle the IsDeleted or IsApproved properties (or both).

Thanks Will for the quick response.  As for the upgrading it's above my pay grade but they're aware of the risks.  

As for the options to set the IsDeleted/IsApproved properties, I have code that sets the IsApproved property and it works.

I assume that the option to directly set the "Locked Out" value that I see in the Edit User Account screen is not possible?

Thanks

Anyone else have any idea how to do this or if it is even possible?

Thanks

I was looking at the "User Accounts\Edit User Accounts" page and realized that there is no button to Lock an account. The account can only be Locked through multiple failed login attempts. 

But once an account is Locked, I can now see a button to Unlock the account.  So there has to be a way to call this programmatically no?

I tried setting:            

User.Membership.LockedOut = false;

but that didn't work. No error just didn't Unlock the account.  

Is there not some way to programmatically Unlock an locked account?

 

For unlocking, you can look at how DNN does it today when you click the Unlock button, https://github.com/dnnsof...ip.ascx.cs#L419-L440

If you follow that unlocking code, you'll see that it's the responsibility of the membership provider to unlock a user. For locking, it doesn't appear that the membership provider includes a way to lock (i.e. it's the provider's responsibility to control the locking logic). The ASP.NET membership provider does not support directly locking a user (https://learn.microsoft.c...w=netframework-4.8). You could potentially try to intentionally log them in with invalid credentials enough times to cause the account to be locked.

I figured out a backend way to unlock (lock does not work) a user account in DNN version 8.

This feature seems to be available in DNN version 9 but we are not able to upgrade for some reason that I can't control.

I had to write a sql command to get the UserId (GUID) from the aspnet_Users table and then using that I ran a sql update command to the aspnet_Membership table by setting IsLocked = 0 and FailedPasswordAttempCount = 0.

Hope that helps if someone is in the same situation.

FYI - Whenever using SQL to directly manipulate anything in DNN, you should be aware that it's technically a core code change. The database schema can and usually changes with every upgrade. So, you should always be on the lookout for the next Release Candidates whenever a new release is pending and test as quickly as you can before the release is made public. (Generally, you have at least 2 weeks.)