ASP.NET 4 Unleashed

Locking Out Bad Users

By default, if you enter a bad password more than five times within 10 minutes, your account is automatically locked out. In other words, it is disabled.

Also, if you enter the wrong answer for the password answer more than five times in a 10-minute interval, your account is locked out. You get five attempts at your password and five attempts at your password answer. (These two things are tracked independently.)

Two configuration settings control when an account gets locked out:

• maxInvalidPasswordAttempts— The maximum number of bad passwords or bad password answers that you are allowed to enter (The default value is 5.)

• passwordAttemptWindow— The time interval in minutes in which entering bad passwords or bad password ...

Get ASP.NET 4 Unleashed now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET 4 Unleashed by Stephen Walther, Kevin Hoffman, Nate Dudek

Locking Out Bad Users

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly