Identity > Execute AccessFailedAsync when providing wrong password in ChangePasswordAsync #26664
Unanswered
ErazerBrecht
asked this question in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I was wondering if there is a reason why AccessFailedAsync is not executed when providing a wrong password when changing it.
Currently we have to rely on our rate limiting infra to prevent a brute force.
I would suggest to add it here
Note: I know it's not that straight forwarded since we would need checks on
SupportsUserLockout
and maybe adding an option to enable it. (Same asCheckPasswordSignInAsync
in theSignInManager
)I would happily create a PR if there isn't really reason to not do it.
Sincerely,
Brecht
Beta Was this translation helpful? Give feedback.
All reactions