APM Sharepoint authentication
Published Apr 20, 2016
Version 1.0Was this article helpful?
Hi Stanislas,
if you're going to implement an account lockout then make sure you issue
after "[PROFILE::access min_failure_delay]000"
before sending the lockout 401 response. Otherwise it will be possible for an attacker to detect that the lockout is active.
Cheers, Kai