SimpleMembershipProvider.PasswordAttemptWindow Property
Gets the number of minutes during which the maximum number of invalid password or security-question answer attempts are allowed before the user account is locked out.
Namespace: WebMatrix.WebData
Assembly: WebMatrix.WebData (in WebMatrix.WebData.dll)
Syntax
'Declaration
Public Overrides ReadOnly Property PasswordAttemptWindow As Integer
Get
'Usage
Dim instance As SimpleMembershipProvider
Dim value As Integer
value = instance.PasswordAttemptWindow
public override int PasswordAttemptWindow { get; }
public:
virtual property int PasswordAttemptWindow {
int get () override;
}
abstract PasswordAttemptWindow : int
override PasswordAttemptWindow : int
override function get PasswordAttemptWindow () : int
Property Value
Type: System.Int32
The number of minutes.
Remarks
The MaxInvalidPasswordAttempts property works together with the PasswordAttemptWindow property to guard against a malicious user guessing the password or security-question answer for a user account through repeated attempts. If the number of invalid passwords or security-question answers supplied for a user account is greater than or equal to the PasswordAttemptWindow value within the number of minutes specified by the PasswordAttemptWindow property, the IsLockedOut property is set to true. To unlock the user account, call the UnlockUser(String) method. If a valid password or security-question answer is supplied before the MaxInvalidPasswordAttempts value is reached, the counter that tracks the invalid attempts is reset to zero.
The counts of invalid passwords and of password-answer attempts accumulate independently. For example, if the MaxInvalidPasswordAttempts property is set to 5, and if three invalid password attempts are made followed by two invalid security-question answer attempts, two more invalid password attempts (or three more invalid security-question answer attempts) must be made within the PasswordAttemptWindow time interval for the user account to be locked out.
If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.
Invalid password and password-answer attempts are tracked in the ValidateUser(String, String), ChangePassword(String, String, String), ChangePasswordQuestionAndAnswer(String, String, String, String), GetPassword(String, String), and ResetPassword(String, String) methods.