Tutorial :Disabling account lockout with the SqlMembershipProvider



Question:

How do I disable the account lockout feature of the SqlMembershipProvider?

The MSDN documentation for the MaxInvalidPasswordAttempts property does not specify how to disable it. If I can't find the correct way to do it I will set the maxInvalidPasswordAttempts attribute to the maximum value of an int which may effectively achieve the same result.

I'm well aware that disabling account lockout isn't the greatest idea but I need to achieve this in the short term.


Solution:1

Setting the maxInvalidPasswordAttempts attribute to Int32.MaxValue works as I suggested in my question and as illustrated in the web.config fragment below. I've used Reflector to look at the SqlMembershipProvider implementation and cannot see how to disable the account lockout feature explicitly so I'm going to accept this as a solution.

I did not test the suggestion to set PasswordAttemptWindow thoroughly but it cannot be set to 0 (must be a positive integer, i.e a minimum of one minute) so this would not work without also setting the maxInvalidPasswordAttempts attribute high enough to prevent a lockout within a one minute period.

<membership defaultProvider="SqlMembershipProvider">    <providers>      <add name="SqlMembershipProvider" type="..."           maxInvalidPasswordAttempts="2147483647"           />    </providers>  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »