Export (0) Print
Expand All

Membership.MaxInvalidPasswordAttempts Property

Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

public static int MaxInvalidPasswordAttempts { get; }
/** @property */
public static int get_MaxInvalidPasswordAttempts ()

public static function get MaxInvalidPasswordAttempts () : int

Not applicable.

Property Value

The number of invalid password or password-answer attempts allowed before the membership user is locked out.

The MaxInvalidPasswordAttempts property works in conjunction with the PasswordAttemptWindow property to guard against an unwanted source using repeated attempts to guess the password or password answer of a membership user.

If the number of invalid passwords or password answers entered for a membership user is greater than or equal to the value of the MaxInvalidPasswordAttempts property within the number of minutes specified by the PasswordAttemptWindow property, then the user is locked out of the Web site by setting the IsLockedOut property to true until the user is unlocked by a call to the UnlockUser method.

If a valid password or password answer is supplied before the value of the MaxInvalidPasswordAttempts property is reached, the counter that tracks the number of invalid attempts is set to zero.

Invalid password and password answer attempts are tracked separately. For example, if the MaxInvalidPasswordAttempts property is set to 5, the user has up to five attempts to enter a correct password and up to five attempts to enter a correct password answer without being locked out.

The MaxInvalidPasswordAttempts property value is set in the application configuration using the passwordAttemptThreshold attribute of the membership Element (ASP.NET Settings Schema) configuration element.

If the RequiresQuestionAndAnswer property is false, invalid password-answer attempts are not tracked.

The following code example shows the membership Element (ASP.NET Settings Schema) element in the system.web section of an application's Web.config file. It specifies that the application use an instance of the SqlMembershipProvider class to provide membership services, and sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.

<membership defaultProvider="SqlProvider"
  userIsOnlineTimeWindow = "20>
  <providers>
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="SqlServices"
      requiresQuestionAndAnswer="true"
      maxInvalidPasswordAttempts="5"
      passwordAttemptWindow="30"
      applicationName="MyApplication" />
  </providers>
</membership>

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show:
© 2014 Microsoft