-2

I am new to web matrix and web security concept. I used the IsAccountLockedOut(String, Int32, Int32) method to check whether the specified membership account is temporarily locked because of too many failed password attempts in the specified number of seconds. Here the thing is after unlocking (updating unlock date time in Db) the membership account I am locked out again after one bad password, but my database is configured to allow 3 attempts. can you please tell me how to resolve the problem or give unlock code sample.

Dan Is Fiddling By Firelight
  • 5,981
  • 17
  • 77
  • 128
hemachandran
  • 23
  • 1
  • 8

1 Answers1

0

I don't know if it could be useful for you, but the WebMatrix Starter Site template implements in the Account/Login.cshtml page an account lock system that uses the WebSecurity.GetPasswordFailuresSinceLastSuccess() method:

if (WebSecurity.UserExists(email) && 
        WebSecurity.GetPasswordFailuresSinceLastSuccess(email) > 4 &&
        WebSecurity.GetLastPasswordFailureDate(email).AddSeconds(60) > DateTime.UtcNow) 
{
    Response.Redirect("~/Account/AccountLockedOut");
    return;
}

Edited

This snippet takes into consideration the LastPasswordFailureDate and PasswordFailuresSinceLastSuccess fields of the webpages_Membership table and locks an account if the number of failures exceed a given value (4 in the example) for a given number of seconds (60 in the example).

There is no need to manage an "UnlockDateTime" in another table.

GmG
  • 1,372
  • 1
  • 9
  • 10
  • So, how to unlock the account? In our project we are updating "UnlockDateTime" field in Db for Unlocking the user account. Is this correct way? or any other better approach is there? – hemachandran Jul 05 '14 at 07:56