Users are most commonly locked out and cannot be validated by the Membership.ValidateUser(string, string) method when the Membership.MaxInvalidPasswordAttempts is reached within the Membership.PasswordAttemptWindow.

Users can also be locked out if you use the MembershipUser.GetPassword(string) or MembershipUser.ResetPassword(string) overload that accepts a password answer and the number of bad answers entered by the user reaches the value of Membership.MaxInvalidPasswordAttempts within the Membership.PasswordAttemptWindow.

Your implementation of this method should set the MembershipUser.IsLockedOut property to false, set the MembershipUser.LastLockoutDate property to the current date, and reset any counters that you use to track the number of failed log in attempts and so forth.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0