SqlMembershipProvider.MaxInvalidPasswordAttempts 属性

定义

获取锁定成员资格用户前允许的无效密码或无效密码提示问题答案尝试次数。Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

public:
 virtual property int MaxInvalidPasswordAttempts { int get(); };
public override int MaxInvalidPasswordAttempts { get; }
member this.MaxInvalidPasswordAttempts : int
Public Overrides ReadOnly Property MaxInvalidPasswordAttempts As Integer

属性值

锁定成员资格用户之前允许的无效密码或无效密码提示问题答案尝试次数。The number of invalid password or password-answer attempts allowed before the membership user is locked out.

示例

下面的代码示例演示 ASP.NET 应用程序的 web.config system.web文件的节中的成员身份元素。The following code example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. 它指定应用程序使用的SqlMembershipProvider实例,并maxInvalidPasswordAttempts将属性设置为passwordAttemptWindow 5 个无效尝试,并将设置为30分钟。It specifies that the application use an instance of the SqlMembershipProvider and sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.

<membership defaultProvider="SqlProvider"   
  userIsOnlineTimeWindow="20">  
    <providers>  
      <add name="SqlProvider"  
        type="System.Web.Security.SqlMembershipProvider"  
        connectionStringName="SqlServices"  
        requiresQuestionAndAnswer="true"  
        maxInvalidPasswordAttempts="5"  
        passwordAttemptWindow="30"  
        applicationName="MyApplication" />  
    </providers>  
</membership>  

注解

与配合使用来防止不必要的源通过重复尝试来猜测成员资格用户的密码或密码答案。 PasswordAttemptWindow MaxInvalidPasswordAttemptsThe MaxInvalidPasswordAttempts works in conjunction with the PasswordAttemptWindow to guard against an unwanted source guessing the password or password answer of a membership user through repeated attempts. 如果成员资格用户提供的无效密码或密码问题数大于或等于属性值MaxInvalidPasswordAttempts PasswordAttemptWindow标识的分钟数中的属性值,则成员资格用户通过将IsLockedOut属性设置为true锁定状态,直到UnlockUser用户通过方法解锁。If the number of invalid passwords or password questions supplied for a membership user is greater than or equal to the value of the MaxInvalidPasswordAttempts property within the number of minutes identified by the value of the PasswordAttemptWindow property, then the membership user is locked out by setting the IsLockedOut property to true until the user is unlocked with the UnlockUser method. 如果在达到MaxInvalidPasswordAttempts值之前提供了有效密码,则跟踪无效密码和密码答案尝试次数的计数器将重置为零。If a valid password is supplied before the MaxInvalidPasswordAttempts value is reached, the counters that track the number of invalid password and password-answer attempts are reset to zero. 如果在达到MaxInvalidPasswordAttempts值之前提供了有效密码答案,则只有跟踪无效密码答案尝试次数的计数器将重置为零。If a valid password answer is supplied before the MaxInvalidPasswordAttempts value is reached, only the counter that tracks the number of invalid password-answer attempts is reset to zero.

SqlMembershipProvider分别保留无效密码尝试次数和无效密码答案尝试次数。The SqlMembershipProvider keeps counts of invalid password attempts and invalid password-answer attempts separately. 无效的密码尝试会导致只增加密码尝试计数器。Invalid password attempts result in only the password-attempt counter being incremented. 无效的密码答案尝试仅导致密码答案计数器递增。Invalid password-answer attempts result in only the password-answer counter being incremented.

MaxInvalidPasswordAttempts应用程序配置中, maxInvalidPasswordAttempts使用成员资格配置节的属性设置该属性值。The MaxInvalidPasswordAttempts property value is set in the application configuration using the maxInvalidPasswordAttempts attribute of the membership configuration section.

false如果将RequiresQuestionAndAnswer属性设置为,则不会跟踪无效的密码答案尝试。If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.

适用于

另请参阅