Asp.net maxInvalidPasswordAttempts不工作

我正在尝试对一个实时数据库使用帐户锁定。我发现一个教程说我需要修改web.config文件。我已经这样做了，但是锁定仍然不起作用。下面是我的web.config文件的副本。出于安全考虑，我已删除敏感数据库信息。webapi和实际登录页面位于两个不同的项目中是否重要？我使用AJAX调用将信息传递给webapi

<connectionStrings>
  <add name="DefaultConnection"
    connectionString="Persist Security Info=False;Initial Catalog=Security;server=;user id=;password=;"
    providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings></appSettings>
<system.web>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.5.1" />
  <httpRuntime targetFramework="4.5.1" />
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <clear />
      <add name="AspNetSqlMembershipProvider"
        type="System.Web.Security.SqlMembershipProvider"
        connectionStringName="DefaultConnection"
        maxInvalidPasswordAttempts="1"
        minRequiredPasswordLength="6"
        passwordAttemptWindow="10"
        applicationName="/" />
    </providers>
  </membership>
</system.web>

---

}

您能给我们看一下您的登录表单页面代码吗？当然可以。现在应该起床了。

login.userLogin = function (username, password) {
jQuery.support.cors = true;
var error = '';
$.ajax({
    url: 'http://localhost:60690/token',
    method: 'POST',
    data: {
        username: username,
        password: password,
        grant_type: 'password'
    },
    success: function (response) {
        $('#divLoginError').addClass('Hidden');
        sessionStorage.setItem('accessToken', response.access_token);
        sessionStorage.setItem('refreshToken', response.refresh_token);
        sessionStorage.setItem('username', response.userName);
        sessionStorage.setItem('expirationDatetime', moment().add(response.expires_in, 'seconds').format());
        window.location = 'index.html';
    },
    error: function (jqXHR) {
        var responseText = jqXHR.responseJSON;
        $('#lblLoginError').text(responseText.error_description);
        $('#divLoginError').removeClass('Hidden');
    }
});