How to block a user after a specified failed attempts and unblocking the user after 5 minutes

Question

How to block a user after a specified failed attempts and unblocking the user after 5 minutes

5k Views Asked by Charles Tan At 21 August 2012 at 13:08

I would like to ask how do I block a user after a specified failed attempts. After 30 minutes or whatever time, the user will be able to log in again.. Here's my sample code for log in.

public partial class Login : System.Web.UI.Page
{
    SimplerAES AES = new SimplerAES();
    protected void Page_Load(object sender, EventArgs e)
    {
        Session.Clear();
    }
    protected void btnLogIn_Click(object sender, EventArgs e)
    {

        if (txtUsername.Text == "" || txtPassword.Text == "")
        {
            lblMessage.Visible = true;
            txtUsername.Text = "";
            txtPassword.Text = "";
            lblMessage.Text = "Invalid Username/Password";
        }
        else
        {
            SqlConnection con = new SqlConnection(SeiboLMS.Helper.GetConnectionString());
            con.Open();

            SqlCommand com = new SqlCommand();
            com.Connection = con;
            com.CommandType = CommandType.Text;

            com.CommandText = "SELECT * FROM Users WHERE UserName=@UserName";

            com.Parameters.Add("@UserName", SqlDbType.NVarChar);
            com.Parameters[0].Value = txtUsername.Text;

            SqlDataReader data = com.ExecuteReader();

            if (data != null)
            {
                while (data.Read())
                {
                    if (txtPassword.Text == AES.Decrypt(data["Password"].ToString()))
                    {
                        if (data["UserTypeID"].ToString() == "1")
                        {
                            Session["userid"] = data["UserID"].ToString();
                            Session["usertypeid"] = data["UserTypeID"].ToString();
                            Session["username"] = data["UserName"].ToString();
                            Session["password"] = data["Password"].ToString();
                            Helper.Logs(int.Parse(data["UserID"].ToString()), 1, "Log In Successful");
                            Response.Redirect("Admin/Default.aspx");
                        }
                        else
                        {
                            Session["userid"] = data["UserID"].ToString();
                            Session["usertypeid"] = data["UserTypeID"].ToString();
                            Session["username"] = data["UserName"].ToString();
                            Session["password"] = data["Password"].ToString();
                            Helper.Logs(int.Parse(data["UserID"].ToString()), 1, "Log In Successful");
                            Response.Redirect("Employees/Default.aspx");
                        }

                    }
                    else
                    {
                        lblMessage.Text = "Invalid Username/Password.";
                        txtUsername.Text = "";
                        txtPassword.Text = "";
                    }
                }
            }
            else
            {
                lblMessage.Text = "Invalid Username/Password.";
                txtUsername.Text = "";
                txtPassword.Text = "";
            }

            data.Close();
            con.Close();
            con.Dispose();
        }
    }
}

Please share with me what ideas do you have there. Thank you in advance..

Original Q&A

There are 3 best solutions below

**Seth Flowers** · Answer 1 · 2012-08-21T13:14:12.360000

This question has been answered many times.

Search for c# login with failed attempts

This particular question is very similar. Login - Allow only 3 attempts

The top voted answer by Willem has the following text:

use a MembershipProvider and in your web.config, in system.web you can configure number of attempts and timeouts. Set maxInvalidPasswordAttempts="3" and passwordAttemptWindow="5" for your requirements.

I suggest that if you find this helpful, you go vote up Willems answer.

**Brian** · Answer 2 · 2012-08-21T13:16:27.120000

You can use the MembershipProvider or depending on your database structure, create your own. Lots of ways to accomplish this, but one way is to include login_attempt, lockflag and timestamp columns. I'm guessing you have the login_attempt counter and are incrementing this (and resetting it to zero when successful) Then at login you check the values and if the user is locked check the timestamp to see when and if enough time has lapsed for the account to be unlocked.

**marcoaoteixeira** · Answer 3 · 2012-08-21T13:18:11.577000

Well, what you could do is the following:

1) Add in your users table, a field (DateTime) indicating the time that he/she was blocked by exceeds the maximum login attempts. 2) Add a key in the web.config (AppSettings, perhaps) that indicate how long users that had access blocked must wait until they can try again. 3) When trying to authenticate the user, check if the lock field (DateTime) is null, if it is the user performs the login normally. Otherwise compare the current time with the time it is in this field from the table, if greater than the appsettings value, prevents the user to login.

Hope I helped!

How to block a user after a specified failed attempts and unblocking the user after 5 minutes

There are 3 best solutions below

Related Questions in C#

Related Questions in ASP.NET

Related Questions in AUTHENTICATION

Related Questions in LOGIN-ATTEMPTS

Trending Questions

Popular # Hahtags

Popular Questions