ISecurityUserLockout Interface
Returns and stores information about user lockout.
Namespace: DevExpress.ExpressApp.Security
Assembly: DevExpress.ExpressApp.v24.2.dll
NuGet Package: DevExpress.ExpressApp
Declaration
Remarks
User lockout is a technique that improves application security. The application locks out a user who fails to enter the correct password several times in a row. Such lockouts protect you against brute force attacks where an attacker repeatedly tries to guess the password.
The Solution Wizard generates the ApplicationUser
class that implements this interface automatically.
To support user lockout in existing applications, implement the ISecurityUserLockout
interface in the Application User class as demonstrated in the following example:
Implement the
ISecurityUserLockout
interface in the Application User class as demonstrated in the following example:using System.Collections.ObjectModel; using System.ComponentModel; using DevExpress.ExpressApp.Security; using DevExpress.Persistent.Base; using DevExpress.Persistent.BaseImpl.EF; using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy; namespace YourApplicationName.Module.BusinessObjects; public class ApplicationUser : PermissionPolicyUser, ISecurityUserLockout { [Browsable(false)] public virtual int AccessFailedCount { get; set; } [Browsable(false)] public virtual DateTime LockoutEnd { get; set; } // }
In YourApplicationName.Blazor.Server\Startup.cs file (ASP.NET Core Blazor) or YourApplicationName.Win\Startup.cs file (Windows Forms), set the LockoutOptions.Enabled property to
true
://... using DevExpress.ExpressApp.Security; namespace YourApplicationName.Blazor.Server; public class Startup { // ... public void ConfigureServices(IServiceCollection services) { services.AddXaf(Configuration, builder => { //... builder.Security .UseIntegratedMode(options => { options.Lockout.Enabled = true; }) }); } }
Note
.NET Framework applications do not support user lockout.