How to Block user if enter morethan 3 times wrong credentials?

Posted by Satyadnet under ASP.NET on 3/29/2009 | Views : 34224 | Status : [Member] | Replies : 5

Write New Post |

Search Forums | Answered

Resolved Posts |

Un Answered Posts |

Forums Home

Hi everybody,
Very urgent:
How to block user account(or : how to block current user who is entering wrong user credentials) , if he enter more than 3 times wrong user credentials .
Using C#.Net.

Reply | Reply with Attachment

Alert Moderator

Responses

Posted by: Poster on: 3/29/2009 [Member] Starter

0	Below is the theoratical solution. Create an stored procedure with following logic. On every login attempt increment the login count (another field in the database table) for that user and check that before trying to validate the username and password. If the login count is equal or more than 3 then block the user else validate the username and password. Hope this will give you some idea. Thanks Satyadnet, if this helps please login to Mark As Answer. \| Alert Moderator

Below is the theoratical solution.

Create an stored procedure with following logic.

On every login attempt increment the login count (another field in the database table) for that user and check that before trying to validate the username and password.

If the login count is equal or more than 3 then block the user else validate the username and password.

Hope this will give you some idea.

Thanks

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Satyadnet on: 3/29/2009 [Member] Starter

0	Thanks for your valuable reply, Please can you provide code if it possible(using c#.Net). Satyadnet, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Vuyiswamb on: 3/30/2009 [Member] [MVP] [Administrator] NotApplicable

0	You can try it this way private int Login(String Username, String Password) { int Counter = 0; if (Username == "Admin" && Password == "wowigotin") { //Redirect the User to a Page and set the Counter to 0 Counter = 0; } else { Counter =1; //Add a in the Counter Variable and keep the user on the login page } return Counter; } the above is the Function that will return a value of 1 if the login is incorrect and 0 if its correct and in your button to can have something like this int Counters = Login(txtusername.Text, txtpassword.Text); Session["Final_Counter"] = Convert.ToInt32(Session["Final_Counter"]) + Counters; int Res = Convert.ToInt32(Session["Final_Counter"]); if (Convert.ToInt32(Session["Final_Counter"]) < 3) { //Do nothing } else { Response.Write("<script>alert('User has been locked');</script>"); Session.Abandon(); } Now please note that this code is merely used for demostration only, this is the worst thing you should do in the application. i was just trying to give you the idea. Thank you for posting in .NETFUDA , were are looking forward for your reply . Vuyiswa Maseko Thank you for posting at Dotnetfunda [Administrator] Satyadnet, if this helps please login to Mark As Answer. \| Alert Moderator

You can try it this way

 

 

    private int Login(String Username, String Password)

    {

        int Counter = 0;



        if (Username == "Admin" && Password == "wowigotin")

        {

           //Redirect the User to a Page and set the Counter to 0

            Counter = 0;

        }

        else

        {

            Counter =1; //Add a in the Counter Variable and keep the user on the login page

        }



        return Counter;



    }

the above is the Function that will return a value of 1 if the login is incorrect and 0 if its correct and in your button to can have something like this

   

          int  Counters  = Login(txtusername.Text, txtpassword.Text);



          Session["Final_Counter"] = Convert.ToInt32(Session["Final_Counter"]) + Counters;



          int Res = Convert.ToInt32(Session["Final_Counter"]);



          if (Convert.ToInt32(Session["Final_Counter"]) < 3)

          {

           //Do nothing 

          }

          else

         {

            Response.Write("<script>alert('User has been locked');</script>");

         

            Session.Abandon();

         }

Now please note that this code is merely used for demostration only, this is the worst thing you should do in the application. i was just trying to give you the idea.

Thank you for posting in .NETFUDA , were are looking forward for your reply .

Vuyiswa Maseko

Thank you for posting at Dotnetfunda
[Administrator]

Satyadnet, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Neeks on: 3/31/2009 [Member] Bronze

0	Hi Vuyiswamb , Your code is fine. But it would be better if we store the details in Cookies instead of Session. So that user cannot access the site until he/she deletes the cookies. If we are using the session user can try again. Thanks for the Post. Keep coding..... Satyadnet, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Satyadnet on: 3/31/2009 [Member] Starter

0	Hi Neeks, Can you provide code , what you are saying please !. Satyadnet, if this helps please login to Mark As Answer. \| Alert Moderator

Latest Posts