使用UPM成员资格进行帐户锁定 [英] Account locking using UPM membership

问题描述

我已经在我的网站上实现了upm会员资格，但工作正常，但帐户锁定字段不会更新。

u_logon_error_dates，u_password_answer_error_dates字段始终显示为null。有人可以指出我正确的方向来实现帐户锁定吗？

解决方案

<<从MSDN复制>>

时间窗口内允许的错误密码数量的阈值基于提供商的MaxInvalidPasswordAttempts和PasswordAttemptWindow配置属性。使用
相同的配置属性跟踪密码尝试和密码应答尝试。但是，错误的密码尝试和错误的密码应答尝试不是累积的。例如，如果MaxInvalidPasswordAttempts的值为5，则用户可以进行三次失败的登录尝试，然后进行四次失败的密码
回答尝试。由于每种类型的故障限制都低于阈值，因此帐户不会被锁定。

注意：

可以通过删除帐户锁定来关闭帐户锁定用户配置文件中的ProfileSystem.logon_error_dates和ProfileSystem.last_lockedout_date属性。
PasswordLockoutPeriod 的值仅为几分钟。

 

Hi,

i have implemented upm membership in my site and it works fine, but the account locking fields do not update.

u_logon_error_dates, and u_password_answer_error_dates fields always show up null. Can someone please point me in the right direction to implement account locking ?

解决方案

<<Copied from MSDN>>

The threshold for number of allowed bad passwords within a time window is based on the provider’s MaxInvalidPasswordAttempts and PasswordAttemptWindow configuration attributes. Both password attempts and password answer attempts are tracked using the same configuration attributes. However, bad password attempts and bad password answer attempts are not cumulative. For example, if the value for MaxInvalidPasswordAttempts is five, a user can make three failed login attempts followed by four failed password answer attempts. Because the limit for each type of failure is below the threshold, the account is not locked out.

Note:
Account lockout can be turned off by removing the ProfileSystem.logon_error_dates and ProfileSystem.last_lockedout_date properties from the user profile. The value for PasswordLockoutPeriod is in minutes.

 

这篇关于使用UPM成员资格进行帐户锁定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！