Skip to main content
All docs
V24.1
.NET 6.0+

DevExpress v24.1 Update — Your Feedback Matters

Our What's New in v24.1 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

ISecurityUserLockout Interface

In This Article

Returns and stores information about user lockout.

Namespace: DevExpress.ExpressApp.Security

Assembly: DevExpress.ExpressApp.v24.1.dll

NuGet Package: DevExpress.ExpressApp

#Declaration

public interface ISecurityUserLockout

#Remarks

User lockout is a technique that improves application security. The application locks out a user who fails to enter the correct password several times in a row. Such lockouts protect you against brute force attacks where an attacker repeatedly tries to guess the password.

The Solution Wizard generates the ApplicationUser class that implements this interface automatically.

To support user lockout in existing applications, implement the ISecurityUserLockout interface in the Application User class as demonstrated in the following example:

  1. Implement the ISecurityUserLockout interface in the Application User class as demonstrated in the following example:

    using System.Collections.ObjectModel;
    using System.ComponentModel;
    using DevExpress.ExpressApp.Security;
    using DevExpress.Persistent.Base;
    using DevExpress.Persistent.BaseImpl.EF;
    using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
    
    namespace YourApplicationName.Module.BusinessObjects;
    
    public class ApplicationUser : PermissionPolicyUser, ISecurityUserLockout {
    
        [Browsable(false)]
        public virtual int AccessFailedCount { get; set; }
    
        [Browsable(false)]
        public virtual DateTime LockoutEnd { get; set; }
        //
    }
    
  2. In YourApplicationName.Blazor.Server\Startup.cs file (ASP.NET Core Blazor) or YourApplicationName.Win\Startup.cs file (Windows Forms), set the LockoutOptions.Enabled property to true:

    //...
    using DevExpress.ExpressApp.Security;
    
    namespace YourApplicationName.Blazor.Server;
    
    public class Startup {
        // ...
        public void ConfigureServices(IServiceCollection services) {
    
            services.AddXaf(Configuration, builder => {
                //...
                builder.Security
                    .UseIntegratedMode(options => {
                        options.Lockout.Enabled = true;
                    })
            });
        }
    }
    

Note

.NET Framework applications do not support user lockout.

See Also