Locking out a user in an ASP .Net Custom Membership Provider

Question

I\'ve had to create a custom membership provider for my current ASP .Net project in order to fit in with our database schema, and am having problems configuring it to lockout a

Answer 1

In your custom membership provider, you should implement the ValidateUser function. There you not only check if the username and password are valid, but you also retrieve the number of invalid password attempts etc from your datastore. If the username/password is valid, reset the password attempt count, otherelse increase the attempt count. The SqlMembershipProvider also stores the LastAttempt datetime, so you cannot bruteforce you way in because you are not allowed to attempt within a certain time frame.