SqlMembershipProvider.MaxInvalidPasswordAttempts 属性
定义
获取在锁定成员资格用户之前允许的无效密码或密码答案尝试次数。Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.
public:
virtual property int MaxInvalidPasswordAttempts { int get(); };
public override int MaxInvalidPasswordAttempts { get; }
member this.MaxInvalidPasswordAttempts : int
Public Overrides ReadOnly Property MaxInvalidPasswordAttempts As Integer
属性值
锁定成员资格用户之前允许的无效密码或密码答案尝试次数。The number of invalid password or password-answer attempts allowed before the membership user is locked out.
示例
下面的代码示例显示了 ASP.NET 应用程序的 Web.config 文件部分中的 成员身份 元素 system.web 。The following code example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. 它指定应用程序使用的实例 SqlMembershipProvider ,并将 maxInvalidPasswordAttempts 属性设置为5个无效尝试,并将设置为 passwordAttemptWindow 30 分钟。It specifies that the application use an instance of the SqlMembershipProvider and sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.
<membership defaultProvider="SqlProvider"
userIsOnlineTimeWindow="20">
<providers>
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
requiresQuestionAndAnswer="true"
maxInvalidPasswordAttempts="5"
passwordAttemptWindow="30"
applicationName="MyApplication" />
</providers>
</membership>
注解
MaxInvalidPasswordAttempts与配合使用 PasswordAttemptWindow 来防止不必要的源通过重复尝试来猜测成员资格用户的密码或密码答案。The MaxInvalidPasswordAttempts works in conjunction with the PasswordAttemptWindow to guard against an unwanted source guessing the password or password answer of a membership user through repeated attempts. 如果为成员资格用户提供的无效密码或密码问题的数量大于或等于属性 MaxInvalidPasswordAttempts 值标识的分钟数中的属性值 PasswordAttemptWindow ,则会通过将属性设置为来锁定成员资格用户, IsLockedOut true 直到使用方法解除锁定用户为止 UnlockUser 。If the number of invalid passwords or password questions supplied for a membership user is greater than or equal to the value of the MaxInvalidPasswordAttempts property within the number of minutes identified by the value of the PasswordAttemptWindow property, then the membership user is locked out by setting the IsLockedOut property to true until the user is unlocked with the UnlockUser method. 如果在达到值之前提供了有效密码 MaxInvalidPasswordAttempts ,则跟踪无效密码和密码答案尝试次数的计数器将重置为零。If a valid password is supplied before the MaxInvalidPasswordAttempts value is reached, the counters that track the number of invalid password and password-answer attempts are reset to zero. 如果在达到值之前提供了有效密码答案 MaxInvalidPasswordAttempts ,则只有跟踪无效密码答案尝试次数的计数器将重置为零。If a valid password answer is supplied before the MaxInvalidPasswordAttempts value is reached, only the counter that tracks the number of invalid password-answer attempts is reset to zero.
将 SqlMembershipProvider 分别保留无效密码尝试次数和无效密码答案尝试次数。The SqlMembershipProvider keeps counts of invalid password attempts and invalid password-answer attempts separately. 无效的密码尝试会导致只增加密码尝试计数器。Invalid password attempts result in only the password-attempt counter being incremented. 无效的密码答案尝试仅导致密码答案计数器递增。Invalid password-answer attempts result in only the password-answer counter being incremented.
在 MaxInvalidPasswordAttempts 应用程序配置中,使用 maxInvalidPasswordAttempts 成员资格 配置节的属性设置该属性值。The MaxInvalidPasswordAttempts property value is set in the application configuration using the maxInvalidPasswordAttempts attribute of the membership configuration section.
如果将 RequiresQuestionAndAnswer 属性设置为 false ,则不会跟踪无效的密码答案尝试。If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.