diff --git a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
index 708f9b98c2..eca2501a63 100644
--- a/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
+++ b/src/Umbraco.Core/Configuration/Models/SecuritySettings.cs
@@ -22,6 +22,9 @@ public class SecuritySettings
internal const string StaticAllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\\";
+ internal const int StaticMemberDefaultLockoutTimeInMinutes = 30 * 24 * 60;
+ internal const int StaticUserDefaultLockoutTimeInMinutes = 30 * 24 * 60;
+
///
/// Gets or sets a value indicating whether to keep the user logged in.
///
@@ -86,6 +89,18 @@ public class SecuritySettings
[DefaultValue(StaticUserBypassTwoFactorForExternalLogins)]
public bool UserBypassTwoFactorForExternalLogins { get; set; } = StaticUserBypassTwoFactorForExternalLogins;
+ ///
+ /// Gets or sets a value for how long (in minutes) a member is locked out when a lockout occurs.
+ ///
+ [DefaultValue(StaticMemberDefaultLockoutTimeInMinutes)]
+ public int MemberDefaultLockoutTimeInMinutes { get; set; } = StaticMemberDefaultLockoutTimeInMinutes;
+
+ ///
+ /// Gets or sets a value for how long (in minutes) a user is locked out when a lockout occurs.
+ ///
+ [DefaultValue(StaticUserDefaultLockoutTimeInMinutes)]
+ public int UserDefaultLockoutTimeInMinutes { get; set; } = StaticUserDefaultLockoutTimeInMinutes;
+
///
/// Gets or sets a value indicating whether to allow editing invariant properties from a non-default language variation.
///
diff --git a/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeIdentityOptions.cs b/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeIdentityOptions.cs
index a480991648..e3f897018a 100644
--- a/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeIdentityOptions.cs
+++ b/src/Umbraco.Web.BackOffice/Security/ConfigureBackOfficeIdentityOptions.cs
@@ -1,8 +1,10 @@
using System.Security.Claims;
+using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Web.Common.DependencyInjection;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.BackOffice.Security;
@@ -13,9 +15,21 @@ namespace Umbraco.Cms.Web.BackOffice.Security;
public sealed class ConfigureBackOfficeIdentityOptions : IConfigureOptions
{
private readonly UserPasswordConfigurationSettings _userPasswordConfiguration;
+ private readonly SecuritySettings _securitySettings;
- public ConfigureBackOfficeIdentityOptions(IOptions userPasswordConfiguration) =>
+ [Obsolete("Use the constructor that accepts SecuritySettings. Will be removed in V13.")]
+ public ConfigureBackOfficeIdentityOptions(IOptions userPasswordConfiguration)
+ : this(userPasswordConfiguration, StaticServiceProvider.Instance.GetRequiredService>())
+ {
+ }
+
+ public ConfigureBackOfficeIdentityOptions(
+ IOptions userPasswordConfiguration,
+ IOptions securitySettings)
+ {
_userPasswordConfiguration = userPasswordConfiguration.Value;
+ _securitySettings = securitySettings.Value;
+ }
public void Configure(BackOfficeIdentityOptions options)
{
@@ -31,8 +45,7 @@ public sealed class ConfigureBackOfficeIdentityOptions : IConfigureOptions