SimpleMembershipProvider.MaxInvalidPasswordAttempts Property

Gets the number of invalid password or password-answer attempts that are allowed before the membership user is locked out.

Namespace:  WebMatrix.WebData
Assembly:  WebMatrix.WebData (in WebMatrix.WebData.dll)

Syntax

Visual Basic

'Declaration
Public Overrides ReadOnly Property MaxInvalidPasswordAttempts As Integer 
    Get

'Usage
Dim instance As SimpleMembershipProvider 
Dim value As Integer 

value = instance.MaxInvalidPasswordAttempts

C#

public override int MaxInvalidPasswordAttempts { get; }

C++

public:
virtual property int MaxInvalidPasswordAttempts {
    int get () override;
}

F#

abstract MaxInvalidPasswordAttempts : int 
override MaxInvalidPasswordAttempts : int

JScript

override function get MaxInvalidPasswordAttempts () : int

Property Value

Type: System.Int32
The number of invalid password or password-answer attempts that are allowed before the membership user is locked out.

Remarks

The MaxInvalidPasswordAttempts property works together with the PasswordAttemptWindow property to guard against a malicious user guessing a user account password or security-question answer through repeated attempts. If the number of invalid passwords or security-question answers supplied for a user account is greater than or equal to the MaxInvalidPasswordAttempts value within the number of minutes specified by the PasswordAttemptWindow property, the IsLockedOut property is set to true. To unlock the user account, call the UnlockUser(String) method. If a valid password or security-question answer is supplied before the MaxInvalidPasswordAttempts value is reached, the counter that tracks the invalid attempts is reset to zero.

The counts of invalid passwords and of password-answer attempts accumulate independently. For example, if the MaxInvalidPasswordAttempts property is set to 5, and if three invalid password attempts are made followed by two invalid security-question answer attempts, two more invalid password attempts (or three more invalid security-question answer attempts) must be made within the PasswordAttemptWindow time interval for the user account to be locked out.

If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.

Invalid password and security-question answer attempts are tracked in the ValidateUser(String, String), ChangePassword(String, String, String), ChangePasswordQuestionAndAnswer(String, String, String, String), GetPassword(String, String), and ResetPassword(String, String) methods.
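The following C# sketch is an added example, not code from this page or from WebMatrix.WebData. It models the lockout rules described in the Remarks so the worked case above (a limit of 5, three invalid passwords, then two invalid answers) can be stepped through. The names LockoutTracker, AttemptKind, Record and Unlock are hypothetical, and the sketch assumes that the attempt window opens at the first failure of each kind and that a valid attempt resets only the counter of its own kind.

```csharp
using System;

// Illustrative model of the lockout rules in the Remarks; not the provider's implementation.
public enum AttemptKind { Password, Answer }

public sealed class LockoutTracker
{
    private readonly int _max;                              // MaxInvalidPasswordAttempts
    private readonly TimeSpan _window;                      // PasswordAttemptWindow, in minutes
    private readonly int[] _count = new int[2];             // one counter per AttemptKind
    private readonly DateTime[] _start = new DateTime[2];   // window start per AttemptKind
    public bool IsLockedOut { get; private set; }

    public LockoutTracker(int maxInvalidAttempts, int windowMinutes)
    {
        _max = maxInvalidAttempts;
        _window = TimeSpan.FromMinutes(windowMinutes);
    }

    // Records one attempt and returns the resulting lockout state.
    public bool Record(AttemptKind kind, bool valid, DateTime utcNow)
    {
        if (IsLockedOut) return true;                // stays locked until Unlock() is called
        int i = (int)kind;
        if (valid) { _count[i] = 0; return false; }  // success resets that kind's counter
        // Assumption: a failure after the window has expired starts a new window.
        if (_count[i] == 0 || utcNow - _start[i] > _window) { _count[i] = 0; _start[i] = utcNow; }
        _count[i]++;
        IsLockedOut = _count[i] >= _max;             // "greater than or equal to" the limit
        return IsLockedOut;
    }

    // Counterpart of UnlockUser(String): clears the lock and both counters.
    public void Unlock() { IsLockedOut = false; Array.Clear(_count, 0, _count.Length); }
}

public static class Demo
{
    public static void Main()
    {
        var tracker = new LockoutTracker(5, 10);
        var now = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);  // constructed timestamp
        for (int n = 0; n < 3; n++) tracker.Record(AttemptKind.Password, false, now);
        for (int n = 0; n < 2; n++) tracker.Record(AttemptKind.Answer, false, now);
        Console.WriteLine(tracker.IsLockedOut);  // five failures in total, counted separately
        tracker.Record(AttemptKind.Password, false, now);
        Console.WriteLine(tracker.Record(AttemptKind.Password, false, now));  // fifth password failure
    }
}
```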

See Also

Reference

SimpleMembershipProvider Class

WebMatrix.WebData Namespace