Locking Out Bad Users






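Two configuration settings control when an account gets locked out: maxInvalidPasswordAttempts (the number of failed attempts allowed) and passwordAttemptWindow (the period, in minutes, over which failed attempts are counted).

The configuration below allows a maximum of three bad passwords or bad password answers in one hour.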

File: Web.Config

<configuration>
  <system.web>
    <authentication mode="Forms" />

    <membership defaultProvider="MyProvider">
      <providers>
        <add
          name="MyProvider"
          type="System.Web.Security.SqlMembershipProvider"
          maxInvalidPasswordAttempts="3"
          passwordAttemptWindow="60"
          connectionStringName="LocalSqlServer"/>
      </providers>
    </membership>

  </system.web>
</configuration>
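How login code can observe the lockout these two settings produce, and lift it after a cool-off period. This is an added example, not code from the original tutorial; the class name LockoutAwareLogin, the method TryLogin, the Result enum and the 30-minute cool-off are assumptions.

```csharp
using System;
using System.Web.Security;

// Hypothetical helper (not part of the tutorial): validates credentials against
// the configured membership provider and reports the lockout state that
// maxInvalidPasswordAttempts / passwordAttemptWindow produce.
public static class LockoutAwareLogin
{
    // Assumed policy: a locked account may be re-enabled 30 minutes after lockout.
    private static readonly TimeSpan CoolOff = TimeSpan.FromMinutes(30);

    public enum Result { Success, Failed, LockedOut }

    public static Result TryLogin(string userName, string password)
    {
        // userIsOnline: false, so this lookup does not touch the activity timestamp.
        MembershipUser user = Membership.GetUser(userName, false);

        if (user != null && user.IsLockedOut)
        {
            // Compare in UTC so the check does not depend on the server time zone.
            TimeSpan lockedFor = DateTime.UtcNow - user.LastLockoutDate.ToUniversalTime();
            if (lockedFor < CoolOff)
                return Result.LockedOut;

            // Cool-off elapsed: clear the lockout so ValidateUser can succeed again.
            if (!user.UnlockUser())
                return Result.LockedOut;
        }

        // ValidateUser returns false both for a bad password and for a locked-out
        // account; each bad password counts toward maxInvalidPasswordAttempts.
        if (Membership.ValidateUser(userName, password))
            return Result.Success;

        // Re-read the user: this failed attempt may have been the one that
        // reached the threshold within passwordAttemptWindow.
        user = Membership.GetUser(userName, false);
        return (user != null && user.IsLockedOut) ? Result.LockedOut : Result.Failed;
    }
}
```

Show the visitor the same generic failure message for Failed and LockedOut, and use the distinction only for logging and alerting, so the login page does not reveal which user names exist.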







