HomeGuides
Submit Documentation FeedbackJoin Developer CommunityLog In

Timeouts and passwords

This topic describes timeouts and passwords.

When working with B2B Commerce Cloud, there are number of options for controlling the specifics related to timeouts and passwords. Some of these options are configurable, while others are not. This article provides the necessary information to understand the options related to the Admin Console and Websites (Storefronts).

Admin console

General settings

  • Timeout is set to 15 minutes and is not configurable in order to maintain compliance with PA-DSS.
  • Users who have the role ISC_Admin, ISC_System, or ISC_Integration, the password expires after 90 days (passwords for website users do not expire).

Password complexity settings

The settings to control password complexity are found in the Startup.Auth.cs file:

// Configure validation logic for passwords

SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions

// Configure validation logic for passwords
SecurityOptions.PasswordValidatorOptions = new PasswordValidatorOptions
{
    RequiredLength = 7, 
    RequireNonLetterOrDigit = false, 
    RequireDigit = true, 
    RequireLowercase = false, 
    RequireUppercase = false
};

Website Timeout Settings

The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.:

SecurityOptions.AuthenticationCookieLifetime = Convert.ToInt32(TimeSpan.FromMinutes(20).TotalSeconds);

The setting that controls the website timeout for 4.x is found within Startup.Auth.cs.


Did this page help you?