How to lock user using forms authentication

Question

Coding Platform: ASP.NET 4.0 Webforms with C#

I have two roles admin and member.
In my application, admin can manipulate most of the member data.
I know that in forms authentication a user can be unlocked like,

            MembershipUser user = Membership.GetUser(clickeduserName);
            user.UnlockUser();
            Membership.UpdateUser(user);

My questions are,

1. How to lock a user in forms authentication?
2. Why is MembershipUser.IsLockedOut Property set as ReadOnly?
3. Is it not the right way to LockOut people as an administrator?

Answer 1

Excerpt from MSDN:

Normally, User's are LockedOut automatically when the MaxInvalidPasswordAttempts is reached within the PasswordAttemptWindow.

Users can also be locked out if you use the GetPassword or ResetPassword overload that accepts a password answer and the number of bad answers entered by the user reaches the value of Membership.MaxInvalidPasswordAttempts within the Membership.PasswordAttemptWindow.

A workaround could be to use IsApproved property like this:

MembershipUser user = Membership.GetUser();
user.IsApproved = false;
Membership.UpdateUser(user);

Answer 2

You can make it lock the user (set .IsLockedOut to true) by doing the following:

    MembershipUser user = Membership.GetUser("UserToLock");        
    for (int i = 0; i < Membership.MaxInvalidPasswordAttempts; i++)
    {
        Membership.ValidateUser(user.UserName, "Not the right password");
    }

Answer 3

There are a few options discussed here: http://forums.asp.net/t/1435151.aspx

They vary from using IsApproved (settable) instead of IsLockedOut to mucking with the underlying SQL database to set the lockout flag.