How to Block user if enter morethan 3 times wrong credentials?

Posted by Satyadnet under ASP.NET on 3/29/2009 | Views : 29075 | Status : [Member] | Replies : 5
Hi everybody,
Very urgent:
How to block user account(or : how to block current user who is entering wrong user credentials) , if he enter more than 3 times wrong user credentials .
Using C#.Net.




Responses

Posted by: Poster on: 3/29/2009 [Member] Starter

Up
0
Down
Below is the theoratical solution.

Create an stored procedure with following logic.

On every login attempt increment the login count (another field in the database table) for that user and check that before trying to validate the username and password.

If the login count is equal or more than 3 then block the user else validate the username and password.

Hope this will give you some idea.

Thanks

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Satyadnet on: 3/29/2009 [Member] Starter

Up
0
Down
Thanks for your valuable reply,
Please can you provide code if it possible(using c#.Net).

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Vuyiswamb on: 3/30/2009 [Member] [MVP] [Administrator] NotApplicable

Up
0
Down
You can try it this way

 


private int Login(String Username, String Password)
{
int Counter = 0;

if (Username == "Admin" && Password == "wowigotin")
{
//Redirect the User to a Page and set the Counter to 0
Counter = 0;
}
else
{
Counter =1; //Add a in the Counter Variable and keep the user on the login page
}

return Counter;

}


the above is the Function that will return a value of 1 if the login is incorrect and 0 if its correct and in your button to can have something like this

   

int Counters = Login(txtusername.Text, txtpassword.Text);

Session["Final_Counter"] = Convert.ToInt32(Session["Final_Counter"]) + Counters;

int Res = Convert.ToInt32(Session["Final_Counter"]);

if (Convert.ToInt32(Session["Final_Counter"]) < 3)
{
//Do nothing
}
else
{
Response.Write("<script>alert('User has been locked');</script>");

Session.Abandon();
}


Now please note that this code is merely used for demostration only, this is the worst thing you should do in the application. i was just trying to give you the idea.

Thank you for posting in .NETFUDA , were are looking forward for your reply .

Vuyiswa Maseko

Thank you for posting at Dotnetfunda
[Administrator]

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Neeks on: 3/31/2009 [Member] Bronze

Up
0
Down
Hi Vuyiswamb ,
Your code is fine. But it would be better if we store the details in Cookies instead of Session. So that user cannot access the site until he/she deletes the cookies. If we are using the session user can try again.
Thanks for the Post.
Keep coding.....

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Satyadnet on: 3/31/2009 [Member] Starter

Up
0
Down
Hi Neeks,
Can you provide code , what you are saying please !.

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response