MembershipProvider limit no effect.

A

ad

I have set some limit of MembershipProvider in web.config.

<add name="MyMembershipProvider" type="MyMembershipProvider"
MaxInvalidPasswordAttempts="3" MinRequiredPasswordLength="6" />

But it no effect when valid user and change password.

How can I do?
 
J

Jon Paal

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MyConnectionstring"
minRequiredPasswordLength="4"
minRequiredNonalphanumericCharacters="0"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>
 
J

Juan T. Llibre

Maybe 10 minutes is too long for the MaxInvalidPasswordAttempts property ?

The MaxInvalidPasswordAttempts property works in conjunction with the PasswordAttemptWindow
property to guard against an unwanted source using repeated attempts to guess the password
or password answer of a membership user.

If the number of invalid passwords or password answers entered for a membership user is greater
than or equal to the value of the MaxInvalidPasswordAttempts property within the number of minutes
specified by the PasswordAttemptWindow property, then the user is locked out of the Web site by
setting the IsLockedOut property to true until the user is unlocked by a call to the UnlockUser
method.

Try :

passwordAttemptWindow="2"



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
A

ad

Dose we need implement these features in my custom Membership provider or
just set these feature in web.config?
 
J

Juan T. Llibre

Unless you are creating a Custom Membership Provider from scratch
( I doubt that ), you will be *inheriting* from System.Web.Security.MembershipProvider.

As such, *all* the features in the the Membership Provider class
are available to you in your inherited, custom, class.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to limit max Invalid Password Attempts with Login Controls 1
Custom Membership Provider: 'Could not load type' Error 1
login control remember me doesn't work 1
Pass UserID instead of Username to other pages after logged on, ASP.NET 2.0 1
How to swapp the default Membership Provider? 4
Membership provider is a webservice 1
Membership Problem 6
How to use membership provider with login control 1

Top