Skip to main content
All docs
V24.2
.NET Framework 4.6.2+

ISecurityUserLockout Interface

Returns and stores information about user lockout.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.v24.2.dll

NuGet Package: DevExpress.ExpressApp

Declaration

public interface ISecurityUserLockout

Remarks

User lockout is a technique that improves application security. The application locks out a user who fails to enter the correct password several times in a row. Such lockouts protect you against brute force attacks where an attacker repeatedly tries to guess the password.

The Solution Wizard generates the ApplicationUser class that implements this interface automatically.

To support user lockout in existing applications, implement the ISecurityUserLockout interface in the Application User class as demonstrated in the following example:

  1. Implement the ISecurityUserLockout interface in the Application User class as demonstrated in the following example:

    using System.Collections.ObjectModel;
    using System.ComponentModel;
    using DevExpress.ExpressApp.Security;
    using DevExpress.Persistent.Base;
    using DevExpress.Persistent.BaseImpl.EF;
    using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
    
    namespace YourApplicationName.Module.BusinessObjects;
    
    public class ApplicationUser : PermissionPolicyUser, ISecurityUserLockout {
    
        [Browsable(false)]
        public virtual int AccessFailedCount { get; set; }
    
        [Browsable(false)]
        public virtual DateTime LockoutEnd { get; set; }
        //
    }
    
  2. In YourApplicationName.Blazor.Server\Startup.cs file (ASP.NET Core Blazor) or YourApplicationName.Win\Startup.cs file (Windows Forms), set the LockoutOptions.Enabled property to true:

    //...
    using DevExpress.ExpressApp.Security;
    
    namespace YourApplicationName.Blazor.Server;
    
    public class Startup {
        // ...
        public void ConfigureServices(IServiceCollection services) {
    
            services.AddXaf(Configuration, builder => {
                //...
                builder.Security
                    .UseIntegratedMode(options => {
                        options.Lockout.Enabled = true;
                    })
            });
        }
    }
    

Note

.NET Framework applications do not support user lockout.

See Also