SimpleMembershipProvider.PasswordAttemptWindow Property

Gets the number of minutes during which the maximum number of invalid password or security-question answer attempts are allowed before the user account is locked out.

Namespace:  WebMatrix.WebData
Assembly:  WebMatrix.WebData (in WebMatrix.WebData.dll)

public override int PasswordAttemptWindow { get; }

Property Value

Type: System.Int32
The number of minutes.

The MaxInvalidPasswordAttempts property works together with the PasswordAttemptWindow property to guard against a malicious user guessing the password or security-question answer for a user account through repeated attempts. If the number of invalid passwords or security-question answers supplied for a user account is greater than or equal to the PasswordAttemptWindow value within the number of minutes specified by the PasswordAttemptWindow property, the IsLockedOut property is set to true. To unlock the user account, call the UnlockUser(String) method. If a valid password or security-question answer is supplied before the MaxInvalidPasswordAttempts value is reached, the counter that tracks the invalid attempts is reset to zero.

The counts of invalid passwords and of password-answer attempts accumulate independently. For example, if the MaxInvalidPasswordAttempts property is set to 5, and if three invalid password attempts are made followed by two invalid security-question answer attempts, two more invalid password attempts (or three more invalid security-question answer attempts) must be made within the PasswordAttemptWindow time interval for the user account to be locked out.

If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.

Invalid password and password-answer attempts are tracked in the ValidateUser(String, String), ChangePassword(String, String, String), ChangePasswordQuestionAndAnswer(String, String, String, String), GetPassword(String, String), and ResetPassword(String, String) methods.