Asp.net Membership Lock Out

I am using the standard asp.net membership provider. I have users who
forget their password. They attempt to login 5 times and they get
locked out. The membership configuration in web.config follows.

<add connectionStringName="SomeDB" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="SomeApp" requiresUniqueEmail="true"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"/>

Once the user is locked out, the reset password doesn't work. I have
to unlock the user before it will send a new password. Is this the
correct operation of this feature? Do I have to manually unlock these
users before they can retrieve a new password?

Thanks.

Rob
.

Relevant Pages

  • Re: Membership custom provider - logout function
    ... It's a pitty the membership provider doesn't save state (login status)... ... Amitai ... >>> turn makes FormsAuthentication to emit a 302 to the login page. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Login page for windows integrated
    ... I have an asp.net 2.0 website running with Windows integrated security ... instead of the standard windows login prompt. ... I have found a Membership provider for Active Directory users so it ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: redirect user to login after page has expired asp.net 2.0
    ... You do not have to specify the login information in the web.config at all. ... If you are using the Membership Provider, ...
    (microsoft.public.dotnet.languages.csharp)
  • How to implement a automatic login function
    ... now I am using a asp.net login control and a customized ... membership provider to do the form authentication. ...
    (microsoft.public.dotnet.framework.aspnet)