How to indicate # failed login attempts to lock an account in MVC 4 w / default simplemembership provider

Question

How to indicate # failed login attempts to lock an account in MVC 4 w / default simplemembership provider

How can you indicate # failed login attempts with the default simplemembership provider in ASP.NET MVC 4? I see that there is a way to unlock the account, but I see nowhere where you can indicate # failed attempts that cause the account to be locked. If you specified this in MVC 3, you can specify maxInvalidPasswordAttempts in web.config under the provider. However, with MVC4 simplemembership you do not configure the provider in web.config.

+6

asp.net-mvc-4 simplemembership

Xaxum Oct 11 '12 at 20:36

source share

1 answer

Xaxum · Accepted Answer · 2012-10-19T14:16:16+0000

It turns out that the simplemembership provider keeps track of failed logins, but it's up to you to catch failed login attempts with something like ...

if(WebSecurity.IsAccountLockedOut(model.UserName,4,10000)){ return RedirectToAction("LockedAccount"); }

Which, of course, leads to how to register them as soon as they reset their password. I decided to register them directly in the reset password. I could put another field in userprofile to track the reset password and circumvent the check, but figured it wasn’t worth it.

How to indicate # failed login attempts to lock an account in MVC 4 w / default simplemembership provider

More articles: