AspNetCore.Identity LockoutOptions.AllowedForNewUsers属性

Question

I'm trying to understand what the purpose of the AllowedForNewUsers property is for. The documentation states that it:

Gets or sets a flag indicating whether a new user can be locked out. Defaults to true.

But this simply doesn't tell me anything of use, at face value it means that new users can be locked out but that's simply nonsensical since you already have the standard lockout feature.

I've even checked the Git change log for when it was implemented but that was also of no help.

    /// Gets or sets a flag indicating whether users can be locked out after creation.
    /// </summary>
    /// <value>
    /// True if a newly created user can be locked out, otherwise false.
    /// </value>
    /// <remarks>
    /// Defaults to true.
    /// </remarks>
    public bool AllowedForNewUsers { get; set; } = true;

Any guidance would be highly appreciated.

Answer 1

Since the "lock out on incorrect number of failed password attempts" is an opt-in per user, the value for LockoutOptions.AllowedForNewUsers will cause the IdentityUser<TKey>.LockoutEnabled value to be set the same when creating a new user.

So if LockoutOptions.AllowedForNewUsers is true then the IdentityUser<TKey>.LockoutEnabled will also be set to true and thus cause the user to be locked out after LockoutOptions.MaxFailedAccessAttempts .

• IdentityUser.LockoutEnabled
• LockoutOptions.AllowedForNewUsers
• LockoutOptions.MaxFailedAccessAttempts

Thank you Kirk Larkin for posting the link to this site which helps fill in a bunch of the blanks.