Membership.PasswordAttemptWindow 属性

定义

获取时间长度,在该时间间隔内对提供有效密码或密码答案的连续失败尝试次数进行跟踪。Gets the time window between which consecutive failed attempts to provide a valid password or password answer are tracked.

public:
 static property int PasswordAttemptWindow { int get(); };
public static int PasswordAttemptWindow { get; }
member this.PasswordAttemptWindow : int
Public Shared ReadOnly Property PasswordAttemptWindow As Integer

属性值

对未能提供有效密码或密码答案的连续尝试次数进行跟踪的时间长度(以分钟为单位)。The time window, in minutes, during which consecutive failed attempts to provide a valid password or password answer are tracked. 默认值为10分钟。The default is 10 minutes. 如果当前失败尝试和上次失败尝试之间的间隔大于 PasswordAttemptWindow 属性设置,则每个失败尝试均被视为第一次失败尝试。If the interval between the current failed attempt and the last failed attempt is greater than the PasswordAttemptWindow property setting, each failed attempt is treated as if it were the first failed attempt.

示例

下面的代码示例演示 ASP.NET 应用程序的 web.config system.web文件的节中的成员身份元素。The following code example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. 它指定应用程序使用的SqlMembershipProvider实例,并maxInvalidPasswordAttempts将属性设置为passwordAttemptWindow 5 个无效尝试,并将设置为30分钟。It specifies that the application use an instance of the SqlMembershipProvider and sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.

<membership defaultProvider="SqlProvider"   
  userIsOnlineTimeWindow="20">  
  <providers>  
    <add name="SqlProvider"  
      type="System.Web.Security.SqlMembershipProvider"  
      connectionStringName="SqlServices"  
      requiresQuestionAndAnswer="true"  
      maxInvalidPasswordAttempts="5"  
      passwordAttemptWindow="30"  
      applicationName="MyApplication" />  
  </providers>  
</membership>  

注解

PasswordAttemptWindow 属性MaxInvalidPasswordAttempts与属性结合使用,以帮助防止不需要的源通过重复尝试来猜测成员资格用户的密码或密码答案。The PasswordAttemptWindow property works in conjunction with the MaxInvalidPasswordAttempts property to help guard against an unwanted source guessing the password or password answer of a membership user through repeated attempts. 当用户尝试使用、更改或重置其密码时,在指定的时间范围内只允许一定数量的连续尝试。When a user attempts to log in with, change, or reset his or her password, only a certain number of consecutive attempts are allowed within a specified time window. 此时间窗口的长度是在PasswordAttemptWindow属性中指定的,它标识在无效尝试之间允许的分钟数。The length of this time window is specified in the PasswordAttemptWindow property, which identifies the number of minutes allowed between invalid attempts.

如果用户重置其密码的连续失败尝试次数等于MaxInvalidPasswordAttempts属性中存储的值,并且自上次无效尝试以来所经过的时间小于指定PasswordAttemptWindow的分钟数,属性,则会锁定成员资格用户。用户通过将IsLockedOut属性设置为true锁定,直到用户UnlockUser通过调用方法解除锁定。If the number of consecutive failed attempts that a user makes to reset his or her password equals the value stored in the MaxInvalidPasswordAttempts property, and the time elapsed since the last invalid attempt is less than the number of minutes specified in the PasswordAttemptWindow property, then the membership user is locked out. The user is locked out by setting the IsLockedOut property to true until the user is unlocked by a call to the UnlockUser method.

如果当前失败尝试与上次失败尝试之间的间隔大于PasswordAttemptWindow属性设置,则当前的无效尝试将计为第一次。If the interval between the current failed attempt and the last failed attempt is greater than the PasswordAttemptWindow property setting, the current invalid attempt is counted as the first. 如果在达到允许的最大尝试无效次数之前提供了有效密码答案,则无效密码答案尝试的计数将设置为0(零)。If a valid password answer is supplied before the maximum number of allowed invalid attempts is reached, the count of invalid password-answer attempts is set to 0 (zero). 如果在达到允许的最大尝试无效次数之前提供了有效密码,则无效密码尝试次数和无效密码答案尝试计数将设置为0(零)。If a valid password is supplied before the maximum number of allowed invalid attempts is reached, the count of invalid password attempts and the count of invalid password-answer attempts are set to 0 (zero).

无效的密码和密码答案尝试彼此独立地累积。Invalid password and password-answer attempts accumulate independently of one another. 例如,如果MaxInvalidPasswordAttempts设置为5,并且在两次无效密码答案尝试后进行了三次无效的密码尝试,则必须在以下范围内PasswordAttemptWindow进行两次无效的密码尝试(或三个以上的无效密码答案尝试):要锁定的成员资格用户。For example, if the MaxInvalidPasswordAttempts is set to 5, and three invalid password attempts are made followed by two invalid password-answer attempts, two more invalid password attempts (or three more invalid password-answer attempts) must be made within PasswordAttemptWindow for the membership user to be locked out.

在应用程序配置中,通过passwordAttemptWindow使用成员资格配置-元素部分的属性来设置属性值。PasswordAttemptWindowThe PasswordAttemptWindow property value is set in the application configuration by using the passwordAttemptWindow attribute of the membership configuration-element section.

false如果将RequiresQuestionAndAnswer属性设置为,则不会跟踪无效的密码答案尝试。If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.

适用于

另请参阅