Hello Venkatesh, you can check my previously mentioned solution for this:
Please refer: http://www.dotnetfunda.com/forums/thread12012-tracking-failed-login-attempts.aspx
Most of us think that including a static variable will solve the issue. But if you want to differentiate the number of attempts among the users, user-level isolation can't be solved through this. Hence, I suggest you follow the following SP.
This serves a series of sequential steps and a clear-cut algorithm:
It's better to write a stored procedure for this.
Suppose I have a table Customers (UserName, Password, IsActive).
Maintain a separate table LoginFailedUsers with (Username, Attempts, DateTimeOfLock). Each time a user logs in:
1. (IF) Check whether the username actually exists or not.
2. (IF) The username exists, the user's credentials are correct, and IsActive is true.
2. (ELSE) If not, insert this username into LoginFailedUsers with an attempt count of 1.
If the next time the user makes wrong attempts with the username already existing in LoginFailedUsers, then increase the attempts count.
Under this else, check if the count is greater than or equal to 3. If it reaches 3, then lock the user. At this time, i.e. at user account lock only, you can set the current date time and set IsActive in the Customers table to False, so that you can maintain a time difference after which the user account gets activated, and you can also show a time difference message like "3 Attempts failed, Your account has been temporarily blocked.. you can access it after 3 minutes."
3. Take an out parameter value for the number of attempts failed, so that you can show the user the number of attempts left to log in.
4. For each if and else case, return some value, depending on which a switch-case statement can be used in the aspx page, and accordingly a message can be rendered to the user.
Each time a user attempts to log in, whether with correct credentials or not, check IsActive as well as the date time (if locked), see the time difference, and allow the user to log in.
In the above case, even if we use a static type, we cannot do it that way because it does not maintain isolation among different users.
If it is still not clear, let me know.
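The procedure described in the answer above, written out in T-SQL as an added example (not the poster's own code). The tables, columns, 3-attempt limit and 3-minute lock come from the post; the name `usp_CheckLogin`, its parameters, the return codes 0 to 3, and the assumption that `Password` holds a hash computed by the application are assumptions made for this example.

```sql
-- Added example, not the poster's code. Tables and columns are from the post;
-- usp_CheckLogin, its parameters and the return codes are hypothetical.
-- Assumes Customers.Password holds a hash the application computes before the call.
CREATE PROCEDURE dbo.usp_CheckLogin
    @UserName NVARCHAR(100), @PasswordHash NVARCHAR(256), @AttemptsLeft INT OUTPUT
AS
BEGIN
    SET NOCOUNT ON; SET XACT_ABORT ON;
    DECLARE @Max INT = 3, @LockMinutes INT = 3, @Now DATETIME = GETUTCDATE();
    DECLARE @Stored NVARCHAR(256), @Active BIT, @Attempts INT, @LockedAt DATETIME;
    SET @AttemptsLeft = 0;
    BEGIN TRANSACTION;
    -- Step 1: does the user exist? UPDLOCK serialises concurrent attempts per user.
    SELECT @Stored = [Password], @Active = IsActive
    FROM dbo.Customers WITH (UPDLOCK, HOLDLOCK) WHERE UserName = @UserName;
    IF @@ROWCOUNT = 0 BEGIN COMMIT; RETURN 1; END            -- 1 = unknown user
    SELECT @Attempts = Attempts, @LockedAt = DateTimeOfLock
    FROM dbo.LoginFailedUsers WHERE Username = @UserName;
    -- Checked on every attempt, right or wrong: is the lock still running?
    IF DATEADD(MINUTE, @LockMinutes, @LockedAt) > @Now
        BEGIN COMMIT; RETURN 3; END                          -- 3 = locked
    IF @LockedAt IS NOT NULL                                 -- lock expired: reactivate
    BEGIN
        UPDATE dbo.Customers SET IsActive = 1 WHERE UserName = @UserName;
        DELETE FROM dbo.LoginFailedUsers WHERE Username = @UserName;
        SELECT @Active = 1, @Attempts = NULL;
    END
    -- Step 2 (IF): credentials correct and account active.
    IF @Stored = @PasswordHash AND @Active = 1
    BEGIN
        DELETE FROM dbo.LoginFailedUsers WHERE Username = @UserName;
        SET @AttemptsLeft = @Max;
        COMMIT; RETURN 0;                                    -- 0 = success
    END
    -- Step 2 (ELSE): count the failure against this user only.
    SET @Attempts = ISNULL(@Attempts, 0) + 1;
    IF @Attempts = 1
        INSERT INTO dbo.LoginFailedUsers (Username, Attempts) VALUES (@UserName, 1);
    ELSE
        UPDATE dbo.LoginFailedUsers SET Attempts = @Attempts WHERE Username = @UserName;
    IF @Attempts >= @Max                                     -- third failure: lock
    BEGIN
        UPDATE dbo.LoginFailedUsers SET DateTimeOfLock = @Now WHERE Username = @UserName;
        UPDATE dbo.Customers SET IsActive = 0 WHERE UserName = @UserName;
        COMMIT; RETURN 3;
    END
    SET @AttemptsLeft = @Max - @Attempts;                    -- step 3: attempts left
    COMMIT; RETURN 2;                                        -- 2 = wrong credentials
END
```

Because `IsActive` doubles as the lock flag here, an account disabled for any other reason would be reactivated when a lock expires, so a separate lock column is safer. Rendering the same message for return codes 1 and 2 keeps the page from revealing which usernames exist.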