MembershipProvider limit no effect.

[ad]

I have set some limit of MembershipProvider in web.config.

<add name="MyMembershipProvider" type="MyMembershipProvider"
MaxInvalidPasswordAttempts="3" MinRequiredPasswordLength="6" />

But it no effect when valid user and change password.

How can I do?

 

[Jon Paal]

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="MyConnectionstring"
minRequiredPasswordLength="4"
minRequiredNonalphanumericCharacters="0"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10"
passwordStrengthRegularExpression="" />
</providers>
</membership>

 

[Juan T. Llibre]

Maybe 10 minutes is too long for the MaxInvalidPasswordAttempts property ?

The MaxInvalidPasswordAttempts property works in conjunction with the PasswordAttemptWindow
property to guard against an unwanted source using repeated attempts to guess the password
or password answer of a membership user.

If the number of invalid passwords or password answers entered for a membership user is greater
than or equal to the value of the MaxInvalidPasswordAttempts property within the number of minutes
specified by the PasswordAttemptWindow property, then the user is locked out of the Web site by
setting the IsLockedOut property to true until the user is unlocked by a call to the UnlockUser
method.

Try :

passwordAttemptWindow="2"



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================

 

[Juan T. Llibre]

Typo...

Maybe 10 minutes is too long for the MaxInvalidPasswordAttempts property ?

Should have been :

Maybe 10 minutes is too long for the passwordAttemptWindow property ?

Sorry...

Try :

passwordAttemptWindow="2"



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================

 

[ad]

Dose we need implement these features in my custom Membership provider or
just set these feature in web.config?

 

[Juan T. Llibre]

Unless you are creating a Custom Membership Provider from scratch
( I doubt that ), you will be *inheriting* from System.Web.Security.MembershipProvider.

As such, *all* the features in the the Membership Provider class
are available to you in your inherited, custom, class.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================