ASP.NET Identity Lockout

21 Oct 2014 ASP.NET

This is another case for why naming things is hard. It might seem obvious to some but I definitely didn’t get this one right away, and I wasn’t the only one.

The LockoutEnabled flag in the ASP.NET Identity 2.0 model means that the user can be locked out, not that the user is locked out.

For a user to be locked out the LockoutEnabled must be true and LockoutEndDateUtc must be greater than the current date. To enable Locking out globally you must set UserLockoutEnabledByDefault to true on the UserManager:

public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
    var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));

	// Enable Lock outs
    manager.UserLockoutEnabledByDefault = true;
    manager.MaxFailedAccessAttemptsBeforeLockout = 5;

    // if you want to lock out indefinitely 200 years should be enough
    manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(365*200);

	....
}

This one was easy to figure out. Because the Microsoft ASP.NET Identity Team is tracking discussions publicly I was able find a work item with a google/bing search. At least they didn’t name it LockoutManager.

James Sturtevant

ASP.NET Identity Lockout

Comments

James Sturtevant

ASP.NET Identity Lockout

Related Posts

Attaching a debugger to a Windows Containerd shim 25 Mar 2023

Setting up the Rust debugger with VS Code on Windows and Linux 04 Mar 2023

Windows I/O completion - One little trick 29 Jan 2023

Comments