web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
Your Invited to Keeping It Real with the Power Platform
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Redeem Invitation - Ma...
Power Pages
Unanswered

Redeem Invitation - Maximum Attempts? (Brute-force prevention)

(0) ShareShare
ReportReport
Posted on by rokenrolla 6

Hello Everyone,

Thanks for reading my post.

 

Following are the steps we're following:

 

  1. For Portal Registration/Login (using Local Login), we're inviting our customers using 'Create Invitation'.
  2. Users are receiving the invitation email as well as an SMS with an invitation code.
  3. Users are clicking on the link and they land on the Redeem Invitation page.
  4. Users enter the received invitation code and proceed to the "Register" page where they enter their email address and password.

    We would like to implement logic to limit the maximum attempts on the page where the user is entering the received invitation code. In other words, we would like to prevent brute-force attacks so that the attacker would not be able to get to the "Registration" page if they unsuccessfully enter the invitation code more than 3 times.

 

Invitation Page.png
Categories:
General topics
I have the same question (0)
  • Christ0f Profile Picture
    Christ0f 147 on at

    One should use the site setting "Authentication/LoginThrottling/MaxInvaildAttemptsFromIPAddress" via Portal Management.

    Schermafbeelding 2024-06-21 131231.jpg
  • Fubar Profile Picture
    Fubar 8,487 Super User 2026 Season 1 on at

    Also, there is a field "Maximum Redemptions" on the Invitation table that allows you to set the maximum number of uses of the Invitation code (e.g. set it to 1, so that the Invitation is no longer valid after it has been redeemed).  The field is not on the Invitation form by default, but you can add it on or set it with a workflow etc when the Invitation record is created. And you can also set Expiry Date on your invitations, so they are not left open for an extended period of time.

  • rokenrolla Profile Picture
    rokenrolla 6 on at

    Hi Christ0f,

     

    Thank you so much for the quick response. I already have this Site Setting configured, and it's a great feature to have.

     

    However, we would also like to limit the number of attempts when the user is trying to redeem the invitation.

  • rokenrolla Profile Picture
    rokenrolla 6 on at

    Hi Fubar,

     

    Thank you so much for the quick response. I already have "Maximum Redemptions" set to 1, but we would also like to limit the number of attempts when the user is trying to redeem the invitation. I guess I could additionally implement some logic in a workflow and invoke it after the invitation is redeemed.

     

    However, I still hope to find the right solution to limit the maximum attempts when the user is trying to register using the invitation code.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Your Invited to Keeping It Real with the Power Platform

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
rezarizvii Profile Picture

rezarizvii 61

#2
oliver.rodrigues Profile Picture

oliver.rodrigues 40 Most Valuable Professional

#3
DP_Prabh Profile Picture

DP_Prabh 26

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans