SetSystemBehaviorSettings API¶

Updates the system behavior settings including login logging configuration and login delay (anti-brute-force) settings.

Endpoint¶

/srv.asmx/SetSystemBehaviorSettings

Methods¶

• GET /srv.asmx/SetSystemBehaviorSettings?authenticationTicket=...&settingsXml=...
• POST /srv.asmx/SetSystemBehaviorSettings (form data)
• SOAP Action: http://tempuri.org/SetSystemBehaviorSettings

Parameters¶

Request XML Structure¶

<SystemBehaviorSettings>
  <LogLogins>true</LogLogins>
  <LogLoginAttempts>true</LogLoginAttempts>
  <LoginDelay>500</LoginDelay>
  <AllowLibraryManagersToEditPolicy>false</AllowLibraryManagersToEditPolicy>

</SystemBehaviorSettings>

SystemBehaviorSettings Properties¶

Success Response¶

<response success="true" />

Error Response¶

<response success="false" error="[ErrorCode] Error message" />

Required Permissions¶

• User must have UpdateApplicationSettingsAndPolicies admin permission
• Regular users will receive an access denied error

Example Requests¶

Request (GET)¶

GET /srv.asmx/SetSystemBehaviorSettings?authenticationTicket=abc123-def456&settingsXml=%3CSystemBehaviorSettings%3E%3CLogLogins%3Etrue%3C%2FLogLogins%3E%3CLogLoginAttempts%3Etrue%3C%2FLogLoginAttempts%3E%3CLoginDelay%3E500%3C%2FLoginDelay%3E%3C%2FSystemBehaviorSettings%3E HTTP/1.1
Host: server.example.com

Request (POST)¶

POST /srv.asmx/SetSystemBehaviorSettings HTTP/1.1
Content-Type: application/x-www-form-urlencoded

authenticationTicket=abc123-def456&settingsXml=<SystemBehaviorSettings><LogLogins>true</LogLogins><LogLoginAttempts>true</LogLoginAttempts><LoginDelay>500</LoginDelay></SystemBehaviorSettings>

Request (SOAP 1.1)¶

POST /srv.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/SetSystemBehaviorSettings"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <SetSystemBehaviorSettings xmlns="http://tempuri.org/">
      <authenticationTicket>abc123-def456</authenticationTicket>
      <settingsXml><![CDATA[<SystemBehaviorSettings>
      <LogLogins>true</LogLogins>
      <LogLoginAttempts>true</LogLoginAttempts>
      <LoginDelay>500</LoginDelay>
      <AllowLibraryManagersToEditPolicy>true</AllowLibraryManagersToEditPolicy>
      </SystemBehaviorSettings>]]></settingsXml>
    </SetSystemBehaviorSettings>
  </soap:Body>
</soap:Envelope>

Workflow¶

1. Get Current Settings: Call GetSystemBehaviorSettings to retrieve current configuration
2. Modify Settings: Update the desired properties in the XML
3. Apply Changes: Call SetSystemBehaviorSettings with the updated XML
4. Verify: Call GetSystemBehaviorSettings again to confirm changes were applied

Notes¶

• LoginDelay: Values outside the range 0-2000 will be automatically normalized:
• Values less than 0 are set to 0
• Values greater than 2000 are set to 2000
• Immediate Effect: Changes take effect immediately after a successful update
• Cache Reset: The settings cache is automatically reset after update
• Audit Trail: Consider enabling login logging for compliance and security monitoring

Error Codes¶

Common error responses:

Security Recommendations¶

1. Enable Login Logging: Enable both LogLogins and LogLoginAttempts for security compliance
2. Set Login Delay: A delay of 500-1000ms provides good protection against brute-force attacks without significantly impacting user experience
3. Monitor Logs: Regularly review login attempt logs for suspicious activity

Related APIs¶

• GetSystemBehaviorSettings - Retrieve current system behavior settings
• GetAuthenticationAndPasswordPolicy - Get password policy and re-prompt actions
• SetGeneralAppSettings - Update general application settings
• AuthenticateUser - Authenticate and obtain a ticket

Version History¶

• New in current version: Separated from AuthenticationAndPasswordPolicy for independent management
• Settings are admin-only for security reasons

See Also¶

• Control Panel UI: ApplicationSettingsApply.aspx - System behavior configuration page