How User account be locked for 30 min after 5 unsuccessful login attempts with asp.net?

c# asp.net asp.net-mvc
11,203

Solution 1

if you are using SqlMembershipProvider then use

maxInvalidPasswordAttempts for attempts

passwordAttemptWindow for locking for specified period

no option for password expiration or password history

but if you are using ActiveDirectoryMembershipProvider then use

maxInvalidPasswordAttempts for attempts

passwordAnswerAttemptLockoutDuration for locking for specified period

and ajust your domain policy for password expiration or password history

full info here

http://msdn.microsoft.com/en-us/library/ff648345.aspx#paght000022_usingthesqlmembershipprovider

Solution 2

For the first requirement, the membership provider offers a MaxInvalidPasswordAttempts property which you can use in conjunction with the PasswordAttemptWindow property.

The 2nd requirement to the best of my knowledge would require you to customize the membership provider. The base membership provider does not retain prior passwords or have a forced password reset to my knowledge. This could be done if you create a custom provider yourself however.

Starter material for creating a custom membership provider

Share:
11,203
GirishK
Author by

GirishK

Updated on June 13, 2022

Comments

  • GirishK
    GirishK about 2 years

    I am using asp.net membership provider for managing users. I have a requirement to lock user accounts for 30 mins after 5 unsuccessful attempts. How should I do that using asp.net membership provider on the server side?

    Also I want that 'Passwords should expire after 3 months', 'Last 10 used passwords should be remembered'. Is there any way to solve these requirements.

  • PostMan
    PostMan about 13 years
    1. What if the user was locked 29m after last schedule job?
  • Devjosh
    Devjosh about 13 years
    deepika nice solution its always better to rely on our own database architecture and functionality i like your way@devjosh
  • WarrenG
    WarrenG about 13 years
    The MembershipUser object has a property called LastPasswordChangeDate you can check for password expiration after the user has logged in. Doesn't solve the history problem, though.
  • Devjosh
    Devjosh about 13 years
    welcome i love to stick to the basic features always because we can customize the things according to our logic.@happy programming
  • masum7
    masum7 about 8 years
    passwordAttemptWindow is for checking the invalid password. It is not a locked out period. Ref: msdn.microsoft.com/en-us/library/…

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

System.Web.HttpContext.Current.get returned null in asp.net mvc controller
Asp.net WebAPI: Aborted (cancelled) requests
Facebook login throws "Given URL is not allowed by the Application configuration.: One or more of the given URLs is not allowed
Read request payload in c# asp.net ajax POST request
What is the difference between JSON.NET DataContractJsonSerializer and the Newtonsoft JSON serializer
Posting to another model from a form in ASP.NET MVC
ASP.Net MVC 3 Login and Windows Authentication
Form Builder On the fly With asp.net mvc site
What is SignalR's browser compatibility?
Where is the default database created for C# MVC ASP.NET application?