Lock out a user after multiple failed authentication attempts via .NET Core Identity

Goal

I want to configure .NET Core Identity so that when a user enters a wrong password several times, the account gets locked for 5 minutes.

Result

Step 1: Startup.cs

Edit the Startup.cs file as shown below:

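public void ConfigureServices(IServiceCollection services)
{
    // other code

    services.Configure<IdentityOptions>(options =>
    {
        // Lockout settings.
        // How long the account stays locked once lockout is triggered.
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
        // Number of failed attempts that triggers the lockout.
        options.Lockout.MaxFailedAccessAttempts = 5;
        // Enable lockout for newly created users.
        options.Lockout.AllowedForNewUsers = true;
    });
}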

Step 2: SignInManager

By default, the Identity pages are not available for editing; see my post on adding the Identity Login page. Then find the /Areas/Identity/Account/Login page. In its code-behind, Login.cshtml.cs, find and edit the line below:

var result = await _signInManager
            .PasswordSignInAsync(
                Input.Email, 
                Input.Password, 
                Input.RememberMe, 
                // Make sure this is true, so that failed attempts count toward lockout
                lockoutOnFailure: true);

Please note that this works well for users who register through the app, but it might not work for user accounts created by seeding the database.
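One likely cause of the seeding caveat (an assumption, the post does not say why) is that AllowedForNewUsers is only applied when an account is created through UserManager, so rows inserted directly into the database can keep LockoutEnabled set to false, and Identity never treats such an account as locked out. The helper below is an added example, not code from the original post; the class and method names are hypothetical and it assumes the default IdentityUser type and a user store that exposes its users as a queryable.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (not from the original post): call once at startup, after seeding.
public static class LockoutSeedFix
{
    // Returns the number of accounts that were switched to LockoutEnabled = true.
    public static async Task<int> EnableLockoutForExistingUsersAsync(IServiceProvider services)
    {
        using (var scope = services.CreateScope())
        {
            // Assumption: the app registers Identity with the default IdentityUser type.
            var userManager = scope.ServiceProvider
                .GetRequiredService<UserManager<IdentityUser>>();

            if (!userManager.SupportsUserLockout)
                throw new InvalidOperationException("The user store does not support lockout.");

            var fixedCount = 0;

            // Materialize the list first so the query is finished before updates are issued.
            foreach (var user in userManager.Users.ToList())
            {
                // Accounts created through UserManager already have this flag set.
                if (await userManager.GetLockoutEnabledAsync(user))
                    continue;

                var result = await userManager.SetLockoutEnabledAsync(user, true);
                if (!result.Succeeded)
                {
                    var errors = string.Join("; ", result.Errors.Select(e => e.Description));
                    throw new InvalidOperationException(
                        $"Could not enable lockout for user {user.Id}: {errors}");
                }

                fixedCount++;
            }

            return fixedCount;
        }
    }
}
```

A non-zero return value on the first run means some seeded accounts could not previously be locked out regardless of the settings in Step 1.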
