how to disable lockout feature

Question

User497297161 posted

I use aspnetboilerplate to develop my web application, it is asp.net 5 based and internally use Microsoft Identity system to authenticate and authorize, the columes of user table are as below: 

       [Id]
      ,[AuthenticationSource]
      ,[UserName]
      ,[TenantId]
      ,[EmailAddress]
      ,[Name]
      ,[Surname]
      ,[Password]
      ,[EmailConfirmationCode]
      ,[PasswordResetCode]
      ,[LockoutEndDateUtc]
      ,[AccessFailedCount]
      ,[IsLockoutEnabled]
      ,[PhoneNumber]
      ,[IsPhoneNumberConfirmed]
      ,[SecurityStamp]
      ,[IsTwoFactorEnabled]
      ,[IsEmailConfirmed]
      ,[IsActive]
      ,[LastLoginTime]
      ,[IsDeleted]
      ,[DeleterUserId]
      ,[DeletionTime]
      ,[LastModificationTime]
      ,[LastModifierUserId]
      ,[CreationTime]
      ,[CreatorUserId]

In the web application, whenever creating a new user, set IsActive to true and IsLockoutEnabled to false, however, currently customers report issues when they use the web application, that is sometimes, after serveral access failures, the LockoutEndDateUtc is set and the customer cannot login any longer.

I also set UserLockoutEnabledByDefault to false on the UserManager.

But still the LockoutEndDateUtc is updated after several login failure (e.g. incorrect password).
<sub style="padding: 0px; margin: 0px;"></sub><sup style="padding: 0px; margin: 0px;"></sup>

How to disable lockout completely?

Answer 1

User475983607 posted

How to disable lockout completely?

If you have disabled lockout properly and still the user is locked out, my best guess is custom code is setting the lockout.  Other than that there is not much we can do as we cannot see your code.