web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Redeem Invitation - Ma...
Power Pages
Unanswered

Redeem Invitation - Maximum Attempts? (Brute-force prevention)

(0) ShareShare
ReportReport
Posted on by rokenrolla 6

Hello Everyone,

Thanks for reading my post.

 

Following are the steps we're following:

 

  1. For Portal Registration/Login (using Local Login), we're inviting our customers using 'Create Invitation'.
  2. Users are receiving the invitation email as well as an SMS with an invitation code.
  3. Users are clicking on the link and they land on the Redeem Invitation page.
  4. Users enter the received invitation code and proceed to the "Register" page where they enter their email address and password.

    We would like to implement logic to limit the maximum attempts on the page where the user is entering the received invitation code. In other words, we would like to prevent brute-force attacks so that the attacker would not be able to get to the "Registration" page if they unsuccessfully enter the invitation code more than 3 times.

 

Categories:
General topics
Invitation Page.png
I have the same question (0)
  • Christ0f Profile Picture
    Christ0f 147 on at

    One should use the site setting "Authentication/LoginThrottling/MaxInvaildAttemptsFromIPAddress" via Portal Management.

    Schermafbeelding ...
  • Fubar Profile Picture
    Fubar 8,354 Super User 2025 Season 2 on at

    Also, there is a field "Maximum Redemptions" on the Invitation table that allows you to set the maximum number of uses of the Invitation code (e.g. set it to 1, so that the Invitation is no longer valid after it has been redeemed).  The field is not on the Invitation form by default, but you can add it on or set it with a workflow etc when the Invitation record is created. And you can also set Expiry Date on your invitations, so they are not left open for an extended period of time.

  • rokenrolla Profile Picture
    rokenrolla 6 on at

    Hi Christ0f,

     

    Thank you so much for the quick response. I already have this Site Setting configured, and it's a great feature to have.

     

    However, we would also like to limit the number of attempts when the user is trying to redeem the invitation.

  • rokenrolla Profile Picture
    rokenrolla 6 on at

    Hi Fubar,

     

    Thank you so much for the quick response. I already have "Maximum Redemptions" set to 1, but we would also like to limit the number of attempts when the user is trying to redeem the invitation. I guess I could additionally implement some logic in a workflow and invoke it after the invitation is redeemed.

     

    However, I still hope to find the right solution to limit the maximum attempts when the user is trying to register using the invitation code.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Fubar Profile Picture

Fubar 78 Super User 2025 Season 2

#2
Jerry-IN Profile Picture

Jerry-IN 75

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans