SqlMembershipProvider.PasswordAttemptWindow 属性

定义

获取时间长度,在该时间间隔内对提供有效密码或密码答案的连续失败尝试次数进行跟踪。Gets the time window between which consecutive failed attempts to provide a valid password or password answers are tracked.

public:
 virtual property int PasswordAttemptWindow { int get(); };
public override int PasswordAttemptWindow { get; }
member this.PasswordAttemptWindow : int
Public Overrides ReadOnly Property PasswordAttemptWindow As Integer

属性值

对未能提供有效密码或密码答案的连续尝试次数进行跟踪的时间长度(以分钟为单位)。The time window, in minutes, during which consecutive failed attempts to provide a valid password or password answers are tracked. 默认值为10分钟。The default is 10 minutes. 如果当前失败尝试和上次失败尝试之间的间隔大于 PasswordAttemptWindow 属性设置,则每个失败尝试均被视为第一次失败尝试。If the interval between the current failed attempt and the last failed attempt is greater than the PasswordAttemptWindow property setting, each failed attempt is treated as if it were the first failed attempt.

示例

下面的代码示例演示 ASP.NET 应用程序的 web.config system.web文件的节中的成员身份元素。The following code example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. 它指定应用程序使用的SqlMembershipProvider实例,并maxInvalidPasswordAttempts将属性设置为passwordAttemptWindow 5 个无效尝试,并将设置为30分钟。It specifies that the application use an instance of the SqlMembershipProvider and sets the maxInvalidPasswordAttempts attribute to five invalid attempts and the passwordAttemptWindow to 30 minutes.

<membership defaultProvider="SqlProvider"   
  userIsOnlineTimeWindow="20">  
    <providers>  
      <add name="SqlProvider"  
        type="System.Web.Security.SqlMembershipProvider"  
        connectionStringName="SqlServices"  
        requiresQuestionAndAnswer="true"  
        maxInvalidPasswordAttempts="5"  
        passwordAttemptWindow="30"  
        applicationName="MyApplication" />  
    </providers>  
</membership>  

注解

PasswordAttemptWindow 属性MaxInvalidPasswordAttempts与属性结合使用,以帮助防止不需要的源通过重复尝试来猜测成员身份用户的密码或密码提示问题答案。The PasswordAttemptWindow property works in conjunction with the MaxInvalidPasswordAttempts property to help guard against an unwanted source guessing the password or the password answer of a membership user through repeated attempts. 当用户尝试登录、更改其密码或重置其密码时,在指定的时间范围内只允许一定数量的连续尝试。When users are attempting to log in, change their password, or reset their password, only a certain number of consecutive attempts are allowed within a specified time window. 时间范围的长度由PasswordAttemptWindow属性指定,该属性用于标识无效尝试之间允许的分钟数。The length of the time window is specified by the PasswordAttemptWindow property, which identifies the number of minutes allowed between invalid attempts. 如果用户重置其密码的连续失败尝试次数等于MaxInvalidPasswordAttempts属性中存储的值,并且自上次无效尝试以来所经过的时间小于指定PasswordAttemptWindow的分钟数属性,则通过将IsLockedOut属性设置为来true锁定成员资格用户。If the number of consecutive failed attempts that a user makes to reset his or her password equals the value stored in the MaxInvalidPasswordAttempts property, and the time elapsed since the last invalid attempt is less than the number of minutes specified for the PasswordAttemptWindow property, then the membership user is locked out by setting the IsLockedOut property to true. 可以通过调用UnlockUser方法来解锁用户。The user can be unlocked by calling the UnlockUser method. 如果当前失败尝试与上次失败尝试之间的间隔大于PasswordAttemptWindow属性设置,则当前的无效尝试将计为第一次。If the interval between the current failed attempt and the last failed attempt is greater than the PasswordAttemptWindow property setting, the current invalid attempt is counted as the first. 如果在达到允许的最大尝试无效次数之前提供了有效密码答案,则无效密码答案尝试的计数将设置为零。If a valid password answer is supplied before the maximum number of allowed invalid attempts is reached, the count of invalid password-answer attempts is set to zero. 如果在达到允许的最大尝试无效次数之前提供了有效密码,则无效密码尝试次数和无效密码答案尝试计数将设置为零。If a valid password is supplied before the maximum number of allowed invalid attempts is reached, the count of invalid password attempts and the count of invalid password-answer attempts are set to zero.

分别SqlMembershipProvider保留无效密码尝试次数和无效密码答案尝试次数。The SqlMembershipProvider keeps count of invalid password attempts and invalid password-answer attempts separately. 无效的密码尝试会导致只增加密码尝试计数器。Invalid password attempts result in only the password-attempt counter being incremented. 无效的密码答案尝试仅导致密码答案计数器递增。Invalid password-answer attempts result in only the password-answer counter being incremented.

PasswordAttemptWindow应用程序配置中, passwordAttemptWindow使用成员资格配置节的属性设置该属性值。The PasswordAttemptWindow property value is set in the application configuration using the passwordAttemptWindow attribute of the membership configuration section.

false如果将RequiresQuestionAndAnswer属性设置为,则不会跟踪无效的密码答案尝试。If the RequiresQuestionAndAnswer property is set to false, invalid password-answer attempts are not tracked.

适用于

另请参阅