Membership.MaxInvalidPasswordAttempts 属性


获取锁定成员资格用户前允许的无效密码或无效密码提示问题答案尝试次数。Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

 static property int MaxInvalidPasswordAttempts { int get(); };
public static int MaxInvalidPasswordAttempts { get; }
member this.MaxInvalidPasswordAttempts : int
Public Shared ReadOnly Property MaxInvalidPasswordAttempts As Integer


锁定成员资格用户之前允许的无效密码或无效密码提示问题答案尝试次数。The number of invalid password or password-answer attempts allowed before the membership user is locked out.


下面的代码示例显示了应用程序的 web.config system.web文件的部分中的成员身份元素。The following code example shows the membership element in the system.web section of an application's Web.config file. 它指定应用程序使用SqlMembershipProvider类的实例来提供成员身份服务,并将该maxInvalidPasswordAttempts属性设置为passwordAttemptWindow 5 次无效尝试,并将设置为30分钟。It specifies that the application use an instance of the SqlMembershipProvider class to provide membership services, and sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.

<membership defaultProvider="SqlProvider"  
  userIsOnlineTimeWindow = "20>  
      applicationName="MyApplication" />  


MaxInvalidPasswordAttempts 属性PasswordAttemptWindow与属性结合使用,以防止不需要的源使用重复尝试来猜测成员资格用户的密码或密码提示问题答案。The MaxInvalidPasswordAttempts property works in conjunction with the PasswordAttemptWindow property to guard against an unwanted source using repeated attempts to guess the password or password answer of a membership user.

如果为成员资格用户输入的无效密码或密码答案的数量大于或等于MaxInvalidPasswordAttempts PasswordAttemptWindow属性指定的分钟数内的属性值,则用户将被锁定在网站之外将属性设置为true ,直到UnlockUser通过调用方法取消锁定用户为止。 IsLockedOutIf the number of invalid passwords or password answers entered for a membership user is greater than or equal to the value of the MaxInvalidPasswordAttempts property within the number of minutes specified by the PasswordAttemptWindow property, then the user is locked out of the Web site by setting the IsLockedOut property to true until the user is unlocked by a call to the UnlockUser method.

如果在达到MaxInvalidPasswordAttempts属性值之前提供了有效密码或密码答案,则跟踪无效尝试次数的计数器将设置为零。If a valid password or password answer is supplied before the value of the MaxInvalidPasswordAttempts property is reached, the counter that tracks the number of invalid attempts is set to zero.

无效的密码和密码答案尝试单独跟踪。Invalid password and password answer attempts are tracked separately. 例如,如果MaxInvalidPasswordAttempts将属性设置为5,则用户最多有5次尝试输入正确的密码,最多5次尝试输入正确的密码答案而不被锁定。For example, if the MaxInvalidPasswordAttempts property is set to 5, the user has up to five attempts to enter a correct password and up to five attempts to enter a correct password answer without being locked out.

属性值是maxInvalidPasswordAttempts使用成员资格配置元素的特性在应用程序配置中设置的。 MaxInvalidPasswordAttemptsThe MaxInvalidPasswordAttempts property value is set in the application configuration using the maxInvalidPasswordAttempts attribute of the membership configuration element.

如果属性为false,则不会跟踪无效的密码答案尝试。 RequiresQuestionAndAnswerIf the RequiresQuestionAndAnswer property is false, invalid password-answer attempts are not tracked.