Authentication Authorization ASP.Net Tutorial

Two configuration settings control when an account gets locked out: maxInvalidPasswordAttempts, passwordAttemptWindow
Enter a maximum of three bad passwords or bad password answers in one hour.
File: Web.Config

  
    
    
      
                  name="MyProvider"
          type="System.Web.Security.SqlMembershipProvider"
          maxInvalidPasswordAttempts="3"
          passwordAttemptWindow="60"
          connectionStringName="LocalSqlServer"/>