Currently, I'm using Asp.net core 1.1, EF core & Asp.net core Identity in my system. I have a configure below in startup.cs
class for the password policy.
Is there a configure to disable account when a user continuously login fails?
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = true;
options.Password.RequiredLength = 6;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = true;
}
You can simply do it like this
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
For more details see this link
In your account controller, scroll down to public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
Once there, set shouldLockout
to true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.