We are using YAF 22.214.171.124. We are trying to configure maxInvalidPasswordAttempts in the web.config with YafMembershipProvider. But it doesn´t work as we expected.
You can try to enter a bad password as many times as you want and the account doesn´t get locked. We also have tried AspNetSqlMembershipProvider and have changed some parameters to fix the problem but nohting changed. I don´t know whether we are doing something
wrong or whether it is a product issue.
This is an extract from our web.config:
<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
<add name="YafMembershipProvider" applicationName="YetAnotherForum" connectionStringName="yafnet" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="true" maxInvalidPasswordAttempts="3" passwordAttemptWindow="2" requiresQuestionAndAnswer="false" useSalt="true" type="YAF.Providers.Membership.YafMembershipProvider" />
Somewhere I read that requiresQuestionAndAnswer had to be set to false in order to work maxInvalidPasswordAttempts. We have tried setting it to true and false with no difference.
Thank you for any help you can provide with this issue.