Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Disabling account lockout with the SqlMembershipProvider

How do I disable the account lockout feature of the SqlMembershipProvider?

The MSDN documentation for the MaxInvalidPasswordAttempts property does not specify how to disable it. If I can't find the correct way to do it I will set the maxInvalidPasswordAttempts attribute to the maximum value of an int which may effectively achieve the same result.

I'm well aware that disabling account lockout isn't the greatest idea but I need to achieve this in the short term.

like image 897
Martin Hollingsworth Avatar asked Apr 28 '09 06:04

Martin Hollingsworth


1 Answers

Setting the maxInvalidPasswordAttempts attribute to Int32.MaxValue works as I suggested in my question and as illustrated in the web.config fragment below. I've used Reflector to look at the SqlMembershipProvider implementation and cannot see how to disable the account lockout feature explicitly so I'm going to accept this as a solution.

I did not test the suggestion to set PasswordAttemptWindow thoroughly but it cannot be set to 0 (must be a positive integer, i.e a minimum of one minute) so this would not work without also setting the maxInvalidPasswordAttempts attribute high enough to prevent a lockout within a one minute period.

<membership defaultProvider="SqlMembershipProvider">   <providers>     <add name="SqlMembershipProvider" type="..."          maxInvalidPasswordAttempts="2147483647"          />   </providers> 
like image 157
Martin Hollingsworth Avatar answered Sep 24 '22 04:09

Martin Hollingsworth