Greetings,
In ASP.NET, is there a way to lockout the members for 30 minutes (or given period) if they enter the password for 5 times?
This asswordAn开发者_Python百科swerAttemptLockoutDuration, won't work for me. I'm after actual invalid password entry.
Thanks Heaps.
This property is only valid for an ActiveDirectoryMembershipProvider.
You could set the MaxInvalidPasswordAttempts- and the PasswordAttempWindow properties. Then f.e. after 5 invalid passwords the user will be locked by setting the IsLockedOut property to true and can be unlocked by the UnlockUser method.
You could compare the FailedPasswordAttemptWindowStart
value with DateTime.Now
to check if the user could be unlocked and logged in again.
I think you shouldn't implement this feature. Although it may look like a good security idea, it actually isn't. Because with this, I can easily lock any user I want, I just need to know his login name.
We've implemented a feature similar to this a while back, and works pretty well. I haven't got the code on me, but it went something like this.
On the login page, have a function that determines if the user trying to login is locked out of the system and if that user has been locked out for less than x amount of minutes display an error message, else unlock them and proceed with the login.
Hope that makes sense, I'll try and dig the code out on Monday when I'm back in the office if you need it.
精彩评论