Login - allow only 3 attempts

Question

Login - allow only 3 attempts

I am creating a new application. I created the login page successfully. Now I need to change the login page. Only 3 attempts are allowed only to the user. If a user mistakenly enters a password more than 3 times (within 5 minutes), his account must be locked. And the error message should be shown as you cannot access your page. Please share your ideas ...

+4

c # asp.net

Jafry Oct 21 '10 at 13:37

source share

5 answers

Willem · Answer 1 · 2010-10-21T13:53:23+0000

use MemberhipProvider and in your web.config, in system.web you can configure the number of attempts and timeouts. Set maxInvalidPasswordAttempts = "3" and passwordAttemptWindow = "5" for your requirements.

<membership defaultProvider="MyMembershipProvider"> <providers> <clear/> <add name="MyMembershipProvider" type="MyMembershipProvider" autogenerateschema="true" connectionStringName="MyConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="8" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="5" passwordStrengthRegularExpression="" applicationName="/" /> </providers> </membership>

This will require some configuration, but if configured correctly (perhaps even using roleprovider), the default asp.net controls can handle almost everything for you by default, even PasswordRecovery and CreateUserWizard. MemberhipProvider automatically generates all the necessary tables for registering users.

The database can be a mdb, ms sqlserver file or a mysql database.

Bobby · Answer 2 · 2010-10-21T13:41:13+0000

Just add int-column to user FailedLogins table. Count it every time it fails, and if the counter is greater than 3, no longer allow logins from this account.

Edit: If you want to reset try after a certain time, you need to add a datetime column (fe LastFailedLogin ) and check if there is enough time to allow further attempts and / or reset the counter.

dhirschl · Answer 3 · 2010-10-21T13:43:02+0000

You need to use the Membership.MaxInvalidPasswordAttempts property to track login attempts.

Here is an example of working code for displaying error messages:

http://forums.asp.net/p/1520434/3652047.aspx

jp2code · Answer 4 · 2010-10-21T13:52:11+0000

How many users are we talking here? 1? Hundreds?

If there is only one, you can create a static int variable and a static DateTime variable. When the program is running, set int nTries to 0 and DateTime staticDate at this time.

Each time you display the login screen, make sure nTries <MAX_TRIES and timeSpan <5 minutes. If timeSpan is more than 5 minutes, set nTries to 0 and update staticDate to Now.

If you enjoy reading / writing text files, you can also easily read / write the number of attempts to / from a text file. In this case, you can have one row for each user if you have a small application with several users (avoid database overhead).

If you have hundreds of users, you will want to use a database. In this database, you can save each user, his last time stamp of login attempts and the number of attempts that he had.

ketan italiya · Answer 5 · 2013-10-24T07:56:12+0000

you can use this code for this,

 //if login failed if (session["loginclient"] != null) { if(Convert.ToInt32(session["loginclient"] ) == 3) Response.Redirect("Forgetpassword.aspx") else session["loginclient"] = Convert.ToInt32(session["loginclient"] ) + 1 } else { session["loginclient"] = 1; }

Login - allow only 3 attempts

More articles: