Max Invalid Login Attempts with DBMembershipProvider

Topics: ASP.NET 2.0, Business Logic Layer
Feb 12, 2015 at 5:03 PM
I have a client who is running BE 2.9 with SQL 2008 on the back end. After an editor's account was hacked I'd like to implement a maximum number of invalid attempts and a 30 minute lockout window. I know regular SQL based forms authentication you can use maxInvalidPasswordAttempts passwordAttemptWindow parameters on the membership > providers > add node of the web config. I tried this with the DBMembershipProvider but it fails sayng that those are not supported parameters. Any suggections?