You can write and register a custom ApplicationListener, then check for the authentication failure event... you can do something to update the failed logon attempts, then on subsequent logon attempts you will probably have to check the logon attempts count.... something like that.
Acegi does not provide something out of the box, mainly because you will need to "do something" on failed logons... you need to "update" that user account details... so most of the time you will have a (transactional) service layer for user mgmt.
I did the above ... wrote a listener, and injected my user mgmt service into the listener so I could update the users failed logon attempts... then in the logon process if it goes over the desired threshold I make sure the account disabled flag is set.
Cheers,
Mark
On 1/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]
> wrote:
Iit seems to me or there is no way to set up acegi with an account blocker that is called after a specified number of consecutive failed authentication (not authorization) attemps for the same username?
