Mega Code Archive
Locking Out Bad Users
Two configuration settings control when an account gets locked out: maxInvalidPasswordAttempts, passwordAttemptWindow
Enter a maximum of three bad passwords or bad password answers in one hour.
File: Web.Config