The Membership.MaxInvalidPasswordAttempts property works in conjunction with the Membership.PasswordAttemptWindow property to guard against an unwanted source using repeated attempts to guess the password or password answer of a membership user.

If the number of invalid passwords or password answers entered for a membership user is greater than or equal to the value of the Membership.MaxInvalidPasswordAttempts property within the number of minutes specified by the Membership.PasswordAttemptWindow property, then the user is locked out of the Web site by setting the MembershipUser.IsLockedOut property to true until the user is unlocked by a call to the MembershipUser.UnlockUser method.

If a valid password or password answer is supplied before the value of the Membership.MaxInvalidPasswordAttempts property is reached, the counter that tracks the number of invalid attempts is set to zero.

Invalid password and password answer attempts are tracked separately. For example, if the Membership.MaxInvalidPasswordAttempts property is set to 5, the user has up to five attempts to enter a correct password and up to five attempts to enter a correct password answer without being locked out.

The Membership.MaxInvalidPasswordAttempts property value is set in the application configuration using the maxInvalidPasswordAttempts attribute of the membership configuration element.

If the Membership.RequiresQuestionAndAnswer property is false, invalid password-answer attempts are not tracked.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0