MembershipProvider.PasswordAttemptWindow Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets the number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.
public:
abstract property int PasswordAttemptWindow { int get(); };
public abstract int PasswordAttemptWindow { get; }
member this.PasswordAttemptWindow : int
Public MustOverride ReadOnly Property PasswordAttemptWindow As Integer
Property Value
The number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.
Examples
For an example of a MembershipProvider implementation, see Implementing a Profile Provider.
Remarks
The PasswordAttemptWindow property works in conjunction with the MaxInvalidPasswordAttempts property to guard against an unwanted source guessing the password or password answer of a membership user through repeated attempts. If the number of invalid passwords or password questions supplied for a membership user exceeds the MaxInvalidPasswordAttempts within the number of minutes identified by the PasswordAttemptWindow, then the membership user is locked out by setting the IsLockedOut property to true
until the user is unlocked by a call to the UnlockUser method. If a valid password or password answer is supplied before the MaxInvalidPasswordAttempts is reached, the counter that tracks the number of invalid attempts is reset to zero.
Invalid password and password-answer attempts accumulate independently of one another. For example, if the MaxInvalidPasswordAttempts property is set to 5, and three invalid password attempts are made followed by two invalid password-answer attempts, two more invalid password attempts (or three more invalid password-answer attempts) must be made within the PasswordAttemptWindow value for the membership user to be locked out.
If the RequiresQuestionAndAnswer property is set to false
, invalid password-answer attempts are not tracked.
Invalid password and password-answer attempts are tracked in the ValidateUser, ChangePassword, ChangePasswordQuestionAndAnswer, GetPassword, and ResetPassword methods.