Last post Jun 13, 2013 09:44 AM by tn
Jun 04, 2013 09:29 AM|tn|LINK
I have a .NET web app that uses AD to manage the users. I got the security question and answer working to reset the password (followed this article: http://msdn.microsoft.com/en-us/library/ms998360.aspx)
The problem: Currently AD's Lockout-Threshold is set to 0, so the user can try to log in as many times as they want. If I set the Lockout-Threshold to 5 attempts and the account is locked, then the security question and answer don't work; I cannot reset the password if AD locks the account.
Is there a way to lock the account after 5 attempts but allow the user to go through the password Q&A process?
Jun 09, 2013 10:50 AM|smirnov|LINK
I think your sysadmin can configure AD with an account unlock policy on the domain and set a specific time for which a user account is locked out after he entered too many bad passwords. So, the account will be automatically unlocked and the user could either enter the password again or try to reset it with security questions. Another way I see is to try the membership provider's UnlockUser() method, which can unlock an account from code. So, you can check if the account is locked out (for example, using the LastLockoutDate property) and then call
Jun 13, 2013 09:44 AM|tn|LINK
I knew about the UnlockUser method but was looking for something on the AD side where I don't have to keep track of the failed logins in the db. Thanks.
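
The unlock-then-reset flow from smirnov's reply, as an added example that is not any poster's code: it calls UnlockUser() only from the reset page and caps how often it will do so per account, because every unlock clears the AD lockout and would otherwise let password guessing continue past the threshold. The class name, the limits and the in-memory counter are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Web.Security;

// Added example, not code from the thread. Class name, limits and the in-memory
// counter are assumptions; a web farm would need a shared store instead.
public static class LockedAccountReset
{
    private const int MaxUnlocksPerWindow = 2;
    private static readonly TimeSpan Window = TimeSpan.FromHours(1);
    private static readonly ConcurrentDictionary<string, Tuple<DateTime, int>> Unlocks =
        new ConcurrentDictionary<string, Tuple<DateTime, int>>(StringComparer.OrdinalIgnoreCase);

    // Returns the provider-generated password, or null on any failure. Callers should
    // show the same generic message for every null so the page does not reveal
    // whether the account exists, is locked, or the answer was wrong.
    public static string TryReset(string userName, string answer)
    {
        MembershipUser user = Membership.GetUser(userName);
        if (user == null) return null;

        if (user.IsLockedOut)
        {
            // Each unlock clears the directory's lockout, so cap how often this
            // page will do it or it becomes a way around the lockout threshold.
            if (!TryConsumeUnlock(userName)) return null;
            if (!user.UnlockUser()) return null;
        }

        try
        {
            return user.ResetPassword(answer);
        }
        catch (MembershipPasswordException)
        {
            return null; // wrong answer, or the provider refused the reset
        }
    }

    private static bool TryConsumeUnlock(string userName)
    {
        DateTime now = DateTime.UtcNow;
        Tuple<DateTime, int> entry = Unlocks.AddOrUpdate(
            userName,
            _ => Tuple.Create(now, 1),
            (_, old) => now - old.Item1 > Window
                ? Tuple.Create(now, 1)
                : Tuple.Create(old.Item1, old.Item2 + 1));
        return entry.Item2 <= MaxUnlocksPerWindow;
    }
}
```

The counter here lives in process memory rather than a database, so it resets when the application pool recycles.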