Since we don’t have a direct way to indicate that some user will be locked, the only way I got to do that, was forcing a wrong login multiple times, until reach the maximum attempts defined on “maxInvalidPasswordAttemps” attribute.
When we use ASP.NET Membership, on web.config file you have something like this:
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyAppConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" applicationName="MyAppName" />
And the code I use is:
public static bool LockUser(MembershipUser user)
{
try
{
for (int i = 0; i < Membership.MaxInvalidPasswordAttempts; i++)
Membership.ValidateUser(user.UserName, "thisisandummypasswordonlytolocktheuser");
return user.IsLockedOut;
}
catch (Exception)
{
throw;
}
}
Hope it helps.