Lockout a user account after several failed login attempts in ASP.NET Identity

Introduction


In order to lockout a user account in ASP.NET Identity after several failed login attempts, we use the shouldLockout property.

Usage


All you have to do is to set the shouldLockout property to true in the SignIn method like this : 

var result = SignInManager.PasswordSignIn(model.Email, model.Password, model.RememberMe, shouldLockout: true);

This enables login failures to trigger account lockout. By default, ASP.NET Identity is programmed to lockout a user for 5 minutes after 5 failed login attempts. To change this default behaviour, go to App_Start > IdentityConfig.cs and change the default configuration depending on your requirements. 

// Configure user lockout defaults
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(5); // lockout timespan
manager.MaxFailedAccessAttemptsBeforeLockout = 5; // number of failed login attempts before lockout

The number of current failed login attempts performed by a user is stored in the AccessFailedCount property.

user properties in asp.net identity

Note : After reaching the value defined in the MaxFailedAccessAttemptsBeforeLockout property, the value of the AccessFailedCount property gets reset automatically to 0 .

See also



About

DotNet tutorials is a website for beginners and professionals of the .NET framework. This website contains articles and solutions for different technical problems.

Contacts

Phone: +33 675572397
Email: abdrahmanbayan@gmail.com
2020 © DotNet Tutorials By Abderrahmane BAYANE