Through brute force, such a program might be able to stumble upon a user's password, especially if the password is weak.
To prevent such brute force attacks, the Membership framework locks out a user if there are a certain number of unsuccessful login attempts within a certain period of time.
To prevent this, it is essential to encrypt the network traffic by using Secure Socket Layers (SSL).
This will ensure that the credentials (as well as the entire page's HTML markup) are encrypted from the moment they leave the browser until they are received by the web server.
Or, if you have not yet created an account, go ahead and create one from the .
In Step 4 we will see how to show a more detailed message to the user when their login attempt fails. Using the Login control saves us the work of having to create the interface to collect the visitor�s credentials.
In this tutorial we will examine how to validate a user's credentials against the Membership user store using both programmatic means and the Login control.
We will also look at how to customize the login control's appearance and behavior.
These credentials are then compared against the user store.
If they are valid, then the user is granted a forms authentication ticket, which is a security token that indicates the identity and authenticity of the visitor.