Hi Radzen Team,
I have a couple of questions perhaps you could advise on.
Question 1
When using standard forms based security is it possible to implement account Lockout policy. E.G if a user enters an incorrect password 3 times the account is automatically locked for a period of time.
I added the following code to Startup.Custom.cs and added a New user but it does not work as expected. After several repeated failed attempts the sql table AspNetUsers AccessFailedCount is still 0 (although LockoutEnabled=1).
Core 2.2
https://www.radzen.com/documentation/custom-security-password-policy/
services.Configure<IdentityOptions>(options =>
{
options.Lockout.MaxFailedAccessAttempts =3;
//lockout for 1 hour
options.Lockout.DefaultLockoutTimeSpan= new TimeSpan(0, 1, 0, 0, 0);
});
Question 2
TokenProviderOptions.cs creates a SymmetricSecurityKey using a predefined key as a parameter. Should this key be customized to increase security? If so how to customise as this file is automatically generated.
Thanks