Hi D-Bar, its better to write a stored procedure for this.
Suppose i have a table Customers (UserName, Password, IsActive)
Maintain a separate table LoginFailedUsers with (Username,Attempts,DateTimeOfLock).Each time when a user gets logged in
1.(IF) Check whether username actually exists or not.
2.(IF) UserName exists and User's credentials are correct and IsActive is true.
2.(ELSE) If not, Insert this username into LoginFailedUsers with attempt count as 1.
If next time the user tries to make wrong attempts with the username existing in the loginFailedUsers then increase the attemptscount.
Under this else, check if the count is greater than or equal to 3. If it reaches 3 then lock the user. At this time i.e user a/c lock only, you can set the current date time and IsActive in the Customers table to False. so that you can maintain a time difference after which user account gets activated as well as you can show a time difference message like "3 Attempts failed,Your account has been temporarily blocked.. you can access it after 3 minutes."
3.Take a outparameter value no of attempts failed, so that you can show to the user the number of attempts left to login.
4.For each if and else case, return some value depending on which a switch case statement can be used in the aspx page and accordingly a message can be rendered to the user.
By the above case, if we use static type also.. we cannot do that way bcoz it doesnot maintain isolation among different users.
Still not clear, let me know.
Regards,D-Bar, if this helps please login to Mark As Answer. | Alert Moderator