<membership defaultProvider="AspNetMembershipProvider">
<Providers>
<clear/>
<add name="AspNetMembershipProvider" /*名称*/
type = "System.Web.Security.SqlMembershipProvider" / * handler class name, you can implement your own processing class inherits from MemberShipProvider, probably need to implement the method * 21 /
connectionStringName = "ApplicationServices" / * database connection string name * /
enablePasswordRetrieval = "false" / * if allowed to retrieve the password * /
passwordFormat = "Clear" / * password storage format the Clear, Hashed,, the Encrypted * /
enablePasswordReset = "true" / * Allow password reset * /
requiresQuestionAndAnswer = "false" / * need * user password question /
requiresUniqueEmail = "false" / * need a unique e-mail address * /
maxInvalidPasswordAttempts = "5" / * maximum password attempts * /
minRequiredPasswordLength = "6" / * minimum password length * /
length minRequiredNonalphanumericCharicters = "0" / * minimum non-alphanumeric character * /
passwordAttemptWindow = "10" / * get the length of time to provide a valid passwords or answers to track the number of consecutive failed attempts during the time interval. * /
applicationName="/"
/>
</providers>
</membership>
Really I do not understand why this name --PasswordAttemptWindow, Window, Window how is it? Wang Yi students can not name, to check on MSDN, the original meaning of this is:
Bit of a mouthful, Microsoft may think so too, so the 3.5 .NET Framework, interpreted replaced by:
This is just to understand some of the.
We note that describe using the "get" the word on behalf of read-only, to be set, then set up in the configuration file, see: ASP.NET Membership - configuration .
The following is a further explanation of MSDN:
Used with PasswordAttemptWindow property and MaxInvalidPasswordAttempts property can help prevent unwanted source by repeated attempts to guess the membership user's password or password answers. When a user attempts to use his password, to change or reset the password, in a specified time period only allows a certain number of consecutive attempts. The length of time specified in the PasswordAttemptWindow attribute, the attribute identifies the number of minutes between invalid attempts allowed.
If the losing streak when the user attempts to reset his password MaxInvalidPasswordAttempts equal to the value stored in the property, and since the last invalid attempts elapsed time is less than specified number of minutes in PasswordAttemptWindow property, the membership user is locked. By IsLockedOut property to true can lock the user, unless UnlockUser method calls to unlock the user.
If the current attempt fails and the interval between the previous failed attempts is greater than PasswordAttemptWindow property is set, then the current invalid attempt is considered invalid first attempt. If you reach the maximum allowed invalid entered a valid password attempts before the answer, the answer is an invalid password attempt count is set to 0 (zero). If you reach the maximum allowed invalid entered a valid password attempts before the answer, then the invalid password attempts counts and invalid password answer attempts count is set to 0 (zero).
Invalid password attempts and invalid password answer questions independently cumulative. For example, if MaxInvalidPasswordAttempts set to 5, and has carried out three invalid password attempts, followed by two invalid password answer attempts shall then twice invalid password attempts (or three invalid password attempts to answer in the PasswordAttemptWindow ) will lock the membership user.
Reproduced in: https: //www.cnblogs.com/yuanyuan/archive/2011/02/12/1952175.html