Locking out a user in an ASP .Net Custom Membership Provider

Question

I\'ve had to create a custom membership provider for my current ASP .Net project in order to fit in with our database schema, and am having problems configuring it to lockout a

Answer 1

This is something that you'd have to write yourself.

The default database schema has the following columns in the aspnet_Membership table:

IsLockedOut
FailedPasswordAttemptCount
FailedPasswordAttemptWindowStart

The attempt count will be incremented on every failed attempt within the attempt window, and the time of the first failed attempt is stored in the window start column, once FailedPasswordAttemptCount equals the maxInvalidPasswordAttempts from the configuration, the IsLockedOut is set.

As Michiel states, your ValidateUser method will then need to check these values based on the settings in the provider configuration - by default these are:

maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"

Once the user has had the maximum login attempts, you'll need to ensure that you have set the MembershipUser.IsLockedOut is set from your provider - you can then check that value and behave appropriately - if you are using the default Login controls, this value will probably already be checked for you.