It looks like some of the plumbing is here for this feature, but without diving in too deeply, it looks like it's not complete. I've set the shouldLockout to true, but that doesn't have any effect on the AccessFailedCount value in the ApplicationUsers document with failed login attempts.
It looks like some of the plumbing is here for this feature, but without diving in too deeply, it looks like it's not complete. I've set the shouldLockout to true, but that doesn't have any effect on the AccessFailedCount value in the ApplicationUsers document with failed login attempts.