Is there a way to configure user lockout settings per tenant?

[mariojsnunes]

The after reading the docs, it seems to be global for all tenants

[ns8482e]

IMHO it could be possible - and the current documentation missed for multi tenant - may be because it's obvious to achieve by implementing Option Pattern? https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/options?view=aspnetcore-5.0

You can modify any IOptions values by implementing IConfigureOptions or IPostConfigureOptions

I have not tested - but you can try following and see if that works for you. If implementing IConfigureOptions doesn't work then try implementing IPostConfigureOptions

1. Define TenantIdentity options

internal class TenantIdentityOptions : IConfigureOptions<IdentityOptions>
{
     private readonly IShellConfiguration _shellConfiguration;
     public TenantIdentityOptions(IShellConfiguration shellConfiguration)
     {
         _shellConfiguration = shellConfiguration;
     }
     public void Configure(IdentityOptions options)
     {
           _shellConfiguration.GetSection("IdentityOptions").Bind(options);
     }
}

2. Configure in App's startup in tenant pipeline or it can also be configured in module startup.

    services.ConfigureOptions<TenantIdentityOptions>();

3. Define following configuration in appsettings.json for each tenant.

{
  "OrchardCore": {
    "TenantA": {
      "IdentityOptions": {
        "Lockout": {
          "AllowedForNewUsers": true,
          "DefaultLockoutTimeSpan ": "00:05:00",
          "MaxFailedAccessAttempts ": 5
        },
        "Password": {
          "RequireDigit": false,
          "RequireLowercase": true,
          "RequireUppercase": true,
          "RequireNonAlphanumeric": false,
          "RequiredUniqueChars": 3,
          "RequiredLength": 6
        }
      }
    }
  }
}

[mariojsnunes]

Awesome! I will try!

[mariojsnunes]

I can confirm the IConfigureOptions implementation works :)
Thanks!

[xperiandri]

So is there no default functionality that will work out of the box like this?

  "OrchardCore": {
    "Default": {
      "SQL": {
        "ConnectionString": ""
      },
      "RawData": {
        "ConnectionString": ""
      },
      "EventStore": {
        "ConnectionString": ""
      }
    },
    "Sandbox": {
      "SQL": {
        "ConnectionString": ""
      },
      "RawData": {
        "ConnectionString": ""
      },
      "EventStore": {
        "ConnectionString": ""
      }
    },

[Piedone]

With IShellConfiguration such tenant-level configuration will work, yes.