Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Failed Login Attempts

Tags:

identityserver4

Does Identity Server 4 supports suspension of accounts after a number of failed login attempts?

I know there are better ways of dealing with failed login attempts, like asking the user for more forms of identification when they eventually successfully log in. But is it easy enough to extend Identity Server 4 to suspend accounts after x amounts of failed logins, by IP address, etc.?

like image 727
Adrian Thompson Phillips Avatar asked Aug 31 '25 16:08

Adrian Thompson Phillips

1 Answers

IdentityServer does not support user lockout by default. You can setup ASP.NET Identity to handle that for you. In fact IdentityServer has a sample integration with ASP.NET Identity. You can setup user lockout in the Identity options in the ConfigureServices method.

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(1);
    options.Lockout.MaxFailedAccessAttempts = 20;
});

Source: https://github.com/IdentityServer/IdentityServer4.Samples/blob/293622b8438d27f4c9c2574e43fe92a22560ac6b/Quickstarts/6_AspNetIdentity/src/IdentityServerWithAspNetIdentity/Startup.cs#L42

like image 192
user1336 Avatar answered Sep 04 '25 19:09

user1336
Sign in to Comment

Related questions

Htttp 400 Bad Request Request Header is too long
Enable multiple AzureAd in Identityserver4 .NET Core
Client secret validation failed for client, Invalid client secret on Authirization code flow

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!