Please add the following field either to WebApplication and WinApplication classes or to their base XafApplication class:
C#protected int maxLogonAttemptsCount = 3;
…and replace the hardcoded value (3) with this field in the following places:
WinApplication.Logon():
C#if(logonAttemptCount < 3) {
.....
}
WebApplication.Logon():
C#if(logonAttemptCount >= 3) {
.....
}