Shawn,
>Is there any core framework support for locking out a user after they have failed a given number of login attempts?
>
>I've done some searching through the developer guide and UT and can't really find anything talking about this. I thought maybe there would be something like HookUserAuthenticationAttempt but couldn't find anything like that.
>
>So unless there is a switch to flip I guess what I'll do is extend the base classes and add code to do this check.
>
>Does anyone know of a better approach?
You can add logic to your web application's btnLogin_Click() to store a retry count in a session variable and then perform some action if the retry count is exceeded. You need to store the information in a session variable since it's a per-user setting.
Best Regards,
Kevin McNeish
Eight-Time .NET MVP
VFP and iOS Author, Speaker & Trainer
Oak Leaf Enterprises, Inc.
Chief Architect, MM Framework
http://www.oakleafsd.com