problem with maxInvalidPasswordAttempts

[Mich]

Hi,

i use the login control for authentification (in local aspnetdb.mdf file).
The password is "hashed" and sent by mail to the member. Sofar no problem.
I put the maxInvalidPasswordAttempts="2" (so two attempts are allowed) and
passwordAttemptWindow="1" (attempts must occur in one minute).
Now, when i try to log with an invalid password several times, and then type
the right password, i still get the error message and i'm never be able to
login.

Here the whole members settings of web.config:

<membership>
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="2"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="1"
passwordStrengthRegularExpression=""/>
</providers>
</membership>

Thanks for help
Mich

 

[Scott Roberts]

When a user tries (and fails) to login to an account more than
"maxInvalidPasswordAttempts" times, the account gets locked. You must unlock
the account before it can be used again. I believe the column name is
"IsLockedOut" and it's in the "aspnet_Membership" table.

 

[Mich]

Thanks

When a user tries (and fails) to login to an account more than
"maxInvalidPasswordAttempts" times, the account gets locked. You must
unlock the account before it can be used again. I believe the column name
is "IsLockedOut" and it's in the "aspnet_Membership" table.