MembershipProvider.MaxInvalidPasswordAttempts MembershipProvider.MaxInvalidPasswordAttempts MembershipProvider.MaxInvalidPasswordAttempts MembershipProvider.MaxInvalidPasswordAttempts Property


Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

 abstract property int MaxInvalidPasswordAttempts { int get(); };
public abstract int MaxInvalidPasswordAttempts { get; }
member this.MaxInvalidPasswordAttempts : int
Public MustOverride ReadOnly Property MaxInvalidPasswordAttempts As Integer

Property Value

The number of invalid password or password-answer attempts allowed before the membership user is locked out.


For an example of a MembershipProvider implementation, see Implementing a Profile Provider.


The MaxInvalidPasswordAttempts property works in conjunction with the PasswordAttemptWindow property to guard against an unwanted source guessing the password or password answer of a membership user through repeated attempts. If the number of invalid passwords or password questions supplied for a membership user is greater than or equal to the MaxInvalidPasswordAttempts property value within the number of minutes identified by the PasswordAttemptWindow, then the membership user is locked out by setting the IsLockedOut property to true until the user is unlocked by a call to the UnlockUser method. If a valid password or password answer is supplied before the MaxInvalidPasswordAttempts value is reached, the counter that tracks the number of invalid attempts is reset to zero.

Invalid password and password-answer attempts accumulate independently of one another. For example, if the MaxInvalidPasswordAttempts property is set to 5, and three invalid password attempts are made followed by two invalid password-answer attempts, two more invalid password attempts (or three more invalid password-answer attempts) must be made within the PasswordAttemptWindow for the membership user to be locked out.

If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.

Invalid password and password-answer attempts are tracked in the ValidateUser, ChangePassword, ChangePasswordQuestionAndAnswer, GetPassword, and ResetPassword methods.

Applies to

See also