How to disable account if user login fails continuously in Asp.Net Core identity

asp.net-core asp.net-core-identity asp.net-identity c# entity-framework-core

Question

Currently, I'm using Asp.net core 1.1, EF core & Asp.net core Identity in my system. I have a configure below in startup.cs class for the password policy.

Is there a configure to disable account when a user continuously login fails?

services.Configure<IdentityOptions>(options =>
{
    // Password settings
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 6;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;
}
1
2
8/30/2017 8:02:42 AM

Accepted Answer

You can simply do it like this

options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;

For more details see this link

7
8/30/2017 8:12:38 AM

Popular Answer

In your account controller, scroll down to public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)

Once there, set shouldLockout to true

var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);


Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow