I know I can put the
LockedDate in the
User table. But I want a difference between an user that is Locked (because of invalid login-attempts) and a user I have marked as "disabled" or "not-active". Do I need to manage this myself (chaging the schema of the table)? Or is there a way to do this?
InvalidLoginAttempts will hold how many failed attempts they had, or you can use something like
DateTime.MinValue to indicate as such.
Otherwise you can override the existing behavior by overriding
IsAccountLocked() in a Custom AuthProvider:
Ok; LockedDate will be the goto solution, and I will use a valid DateTime.MinValue for SQLServer to implement my own logic to indicate a user has been inactivated from the system.
Thanks for your insight.