How User account be locked for 30 min after 5 unsuccessful login attempts with asp.net?
Solution 1
if you are using SqlMembershipProvider
then use
maxInvalidPasswordAttempts
for attempts
passwordAttemptWindow
for locking for specified period
no option for password expiration or password history
but if you are using ActiveDirectoryMembershipProvider
then use
maxInvalidPasswordAttempts
for attempts
passwordAnswerAttemptLockoutDuration
for locking for specified period
and ajust your domain policy for password expiration or password history
full info here
http://msdn.microsoft.com/en-us/library/ff648345.aspx#paght000022_usingthesqlmembershipprovider
Solution 2
For the first requirement, the membership provider offers a MaxInvalidPasswordAttempts property which you can use in conjunction with the PasswordAttemptWindow property.
The 2nd requirement to the best of my knowledge would require you to customize the membership provider. The base membership provider does not retain prior passwords or have a forced password reset to my knowledge. This could be done if you create a custom provider yourself however.
Starter material for creating a custom membership provider
GirishK
Updated on June 13, 2022Comments
-
GirishK about 2 years
I am using asp.net membership provider for managing users. I have a requirement to lock user accounts for 30 mins after 5 unsuccessful attempts. How should I do that using asp.net membership provider on the server side?
Also I want that 'Passwords should expire after 3 months', 'Last 10 used passwords should be remembered'. Is there any way to solve these requirements.
-
PostMan about 13 years1. What if the user was locked 29m after last schedule job?
-
Devjosh about 13 yearsdeepika nice solution its always better to rely on our own database architecture and functionality i like your way@devjosh
-
WarrenG about 13 yearsThe MembershipUser object has a property called LastPasswordChangeDate you can check for password expiration after the user has logged in. Doesn't solve the history problem, though.
-
Devjosh about 13 yearswelcome i love to stick to the basic features always because we can customize the things according to our logic.@happy programming
-
masum7 about 8 yearspasswordAttemptWindow is for checking the invalid password. It is not a locked out period. Ref: msdn.microsoft.com/en-us/library/…