Asp.net Membership - Accounts getting locked out

Submitted by 左心房为你撑大大i on 2019-12-22 04:25:07

Question


We're using the standard ASP.net membership features that come with asp.net.

Certain accounts in our membership database have a "Locked Out" flag set to true - when/how does this happen?


Answer 1:


After a configurable number of failed logins (maxInvalidPasswordAttempts, default = 5) within a configurable length of time (passwordAttemptWindow, default = 10 minutes), the account will be locked out.

See here for membership-related configuration properties.




Answer 2:


These 4 guys did a great job of explaining in depth the ASP.NET membership controls.

<system.web>
  <!-- ... authentication & authorization settings ... -->

  <membership defaultProvider="CustomizedProvider">
    <providers>
      <add name="CustomizedProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="MyDB"
           applicationName="MyProject"
           minRequiredPasswordLength="5"
           minRequiredNonalphanumericCharacters="0" />
    </providers>
  </membership>
</system.web>

Basically, add your provider and then set the settings the way you'd like them.




Answer 3:


When someone tries to log in 5 times (or whatever "maxInvalidPasswordAttempts" is set to) with the wrong password, the account gets locked out ...

To avoid this in the future, change the attribute maxInvalidPasswordAttempts in the web.config.

Example:

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear />
    <add
      name="SqlProvider"
      ....
      maxInvalidPasswordAttempts="the new value here "
    />
  </providers>
</membership>




Answer 4:


Account locking is a feature of SqlMembershipProvider that provides a safeguard against password guessing.

Looking at this page you can see that the aspnet_Membership table has IsLockedOut, LastLockoutDate, FailedPasswordAttemptCount, FailedPasswordAnswerAttemptCount. By reviewing this table and those columns you should be able to determine who is having a failed login, when they failed on their login, and how many times they failed.

The actual count for the number of login tries can be set in the section of the web.config. You can read more about account locking here.
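
The table review described in Answer 4, written as a T-SQL query. This is an added example, not part of the original answers. It assumes the default SqlMembershipProvider schema (the aspnet_Users and aspnet_Applications tables and the FailedPasswordAttemptWindowStart column come from that schema and are not named on this page), and the three variables are assumptions to be set to match your web.config.

```sql
-- Added example (not from the original answers).
-- Assumptions: default SqlMembershipProvider schema in the dbo schema;
-- the values below must match applicationName, maxInvalidPasswordAttempts
-- and passwordAttemptWindow in your web.config.
DECLARE @ApplicationName nvarchar(256) = N'MyProject';
DECLARE @MaxAttempts     int = 5;    -- maxInvalidPasswordAttempts
DECLARE @WindowMinutes   int = 10;   -- passwordAttemptWindow

SELECT
    u.UserName,
    m.IsLockedOut,
    m.LastLockoutDate,                     -- stored in UTC
    m.FailedPasswordAttemptCount,
    m.FailedPasswordAttemptWindowStart,    -- stored in UTC
    m.FailedPasswordAnswerAttemptCount,
    CASE
        WHEN m.IsLockedOut = 1
            THEN 'locked out'
        WHEN m.FailedPasswordAttemptCount >= @MaxAttempts - 1
            THEN 'one failure from lockout'
        ELSE 'failures in current window'
    END AS Status
FROM dbo.aspnet_Membership   AS m
JOIN dbo.aspnet_Users        AS u ON u.UserId = m.UserId
JOIN dbo.aspnet_Applications AS a ON a.ApplicationId = m.ApplicationId
WHERE a.LoweredApplicationName = LOWER(@ApplicationName)
  AND (
        -- accounts that are already locked out
        m.IsLockedOut = 1
        -- accounts with failed password attempts inside the current window
     OR (m.FailedPasswordAttemptCount > 0
         AND m.FailedPasswordAttemptWindowStart
             >= DATEADD(minute, -@WindowMinutes, GETUTCDATE()))
      )
ORDER BY m.IsLockedOut DESC,
         m.LastLockoutDate DESC,
         m.FailedPasswordAttemptCount DESC;
```

Recent failures spread across many different users point to password guessing rather than one person mistyping, which is worth checking before raising maxInvalidPasswordAttempts.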



Source: https://stackoverflow.com/questions/1876921/asp-net-membership-accounts-getting-locked-out
