Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

ActiveDirectoryMembershipProvider.MaxInvalidPasswordAttempts Property

Gets the number of failed answer attempts a user is allowed for the password-reset question.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)
public override int MaxInvalidPasswordAttempts { get; }

Property Value

Type: System.Int32
The number of failed password answer attempts a user is allowed before the account is locked. The default is 5.
ExceptionCondition
InvalidOperationException

An attempt to access the MaxInvalidPasswordAttempts property was made before the ActiveDirectoryMembershipProvider instance was initialized.

When the EnablePasswordReset property is true, the user must answer the password question to reset his or her password. The user is allowed a limited number of answer attempts within the time window established by the PasswordAttemptWindow property. If the number of password answer attempts is greater than or equal to the value stored in the MaxInvalidPasswordAttempts property, the user is locked out of further attempts for the number of minutes stored in the PasswordAnswerAttemptLockoutDuration property.

NoteNote

This property does not control the number of failed logon attempts a user can make before being locked out. The Active Directory server handles failed logon attempts and is not affected by the value of this property.

The MaxInvalidPasswordAttempts property is set in your application's configuration file using the maxInvalidPasswordAttempts attribute of the membership Element (ASP.NET Settings Schema) element. If the property is not set in the application's configuration file, the MaxInvalidPasswordAttempts property is set to the default value of 5.

The following code example shows a Web.config entry that configures an ActiveDirectoryMembershipProvider instance to lock out users who make three failed attempts to enter the password answer in a 10-minute time window. If the user is locked out, no further attempts to answer the password question may be made for 15 minutes.

<configuration>
  <connectionStrings>
    <add name="ADService" connectionString="LDAP://ldapServer/" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <add name="AspNetActiveDirectoryMembershipProvider" 
          type="System.Web.Security.ActiveDirectoryMembershipProvider, 
          System.Web, Version=2.0.3600, Culture=neutral,
          PublicKeyToken=b03f5f7f11d50a3a"
          maxInvalidPasswordAttempts="3"
          passwordAttemptWindow="10"
          passwordAnswerAttemptLockoutDuration="15" />
      </providers>
    </membership>
  </system.web>
</configuration>

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.