Reputation: 13141
The custom ASP.NET membership provider I am using does not support the MaxInvalidPasswordAttempts and PasswordAttemptWindow settings. I am required to use this particular provider and my situation prevents me from extending its functionality.
That said, what is the best approach for "rolling your own" implementation of account locking? Some initial ideas include:
- If a user exceeds the maximum number of invalid login attempts, set their account's "IsApproved" setting to FALSE.
- If a user exceeds the maximum number of invalid login attempts, set a Boolean value in their profile (i.e. "IsLocked") to true.
Also, what is the recommended way to keep track of the number of invalid attempts while attaining the PasswordAttemptWindow functionality? Should I persist a counter in Session, Cache, DB, etc.?
Upvotes: 0
Views: 415
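An added example, not part of the original post and not code from any membership provider: a per-username failure counter with a MaxInvalidPasswordAttempts / PasswordAttemptWindow style window, kept outside the provider. `LockoutTracker`, its members and the sample values are hypothetical names, and the in-memory dictionary stands in for whatever server-side store (for example a DB table keyed by username) the application uses.

```csharp
using System;
using System.Collections.Concurrent;

// Added example; all names here are hypothetical.
// State is keyed by username and held server-side. A counter kept in Session is tied
// to the client's session cookie, so a client that discards the cookie starts from zero.
public sealed class LockoutTracker
{
    private sealed class Entry { public int Failures; public DateTime WindowStart; public bool Locked; }

    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly int _maxAttempts;
    private readonly TimeSpan _window;

    public LockoutTracker(int maxAttempts, TimeSpan window)
    {
        _maxAttempts = maxAttempts;
        _window = window;
    }

    // Call after a failed password check. Returns true once the account is locked;
    // the caller then persists the lock (the IsApproved = false or "IsLocked" idea above).
    public bool RecordFailure(string username, DateTime utcNow)
    {
        Entry e = _entries.GetOrAdd(username, _ => new Entry { WindowStart = utcNow });
        lock (e)
        {
            if (e.Locked) return true;
            // A failure after the window has expired starts a new window at count zero.
            if (utcNow - e.WindowStart > _window) { e.Failures = 0; e.WindowStart = utcNow; }
            e.Failures++;
            if (e.Failures >= _maxAttempts) e.Locked = true;
            return e.Locked;
        }
    }

    // Call after a successful login: clears the counter but never lifts an existing lock.
    public void RecordSuccess(string username)
    {
        Entry e;
        if (_entries.TryGetValue(username, out e)) lock (e) { if (!e.Locked) e.Failures = 0; }
    }

    // Check before validating the password so a locked account is rejected either way.
    public bool IsLocked(string username)
    {
        Entry e;
        return _entries.TryGetValue(username, out e) && e.Locked;
    }
}
```

The login path would call `IsLocked` first, then the provider's password check, then `RecordFailure` or `RecordSuccess` depending on the result.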