block user account after 3 invalid attempts ,it is web based site

Question

2.00/5 (1 vote)

See more:

Hi folk's

I have a query regarding blocking a user account after 3 invalid user attempts it is web based application ,i want to block user account after 3 invalid account,

my code is in this way.....

C#

static  DataTable dt = new DataTable();//getting the user name from db
    
   DataRow row ;
    Loginbal objbal = new Loginbal();
    public void  count_log()
    { 
        
        BAL_ClassLibrary.Rcm_service.LoginEntities get_login_details = login_values();
        int count = Convert.ToInt32(Session["logincount"]);//placing count value in session
        Session["loginuid"] = txt_username.Text.Trim();//placing username in session
        string username=get_login_details.username1;
        if (dt.Rows.Count > 0)
        {
            if (username == dt.Rows[0]["UserName"].ToString())
            {
                if (Convert.ToInt32(Session["logincount"]) >= 3)//chech if count is >= 3
                {
                    objbal.account_block(get_login_details);
                    ScriptManager.RegisterClientScriptBlock(Page, Page.GetType(), "Result", "alert('*Your Account is blocked')", true);
                    Session["logincount"] = 0;
                }
                else
                {
                    count += 1;//incrementing count invalid attempt
                    Session["logincount"] = count;
                    ScriptManager.RegisterClientScriptBlock(Page, Page.GetType(), "Result", "alert('*The username or password you entered is incorrect!')", true);
                }

            }
            else
            {                
                int rowcount = dt.Rows.Count;
             dt.Rows[0]["UserName"] = username;
             Session["logincount"] = 1;
             ScriptManager.RegisterClientScriptBlock(Page, Page.GetType(), "Result", "alert('*The username or password you entered is incorrect!')", true);
            }
        }
        else
        {
            dt.Columns.Add("UserName", typeof(System.String));
            row = dt.NewRow();
            int rowcount = dt.Rows.Count;
            row["UserName"]=username;
            dt.Rows.Add(row);
            Session["logincount"] = 1;
            ScriptManager.RegisterClientScriptBlock(Page, Page.GetType(), "Result", "alert('*The username or password you entered is incorrect!')", true);
        }                        
    }

i calling this fun when authentication is failed ...

It is working fine after three invalid attempt in database i have column just changing the flag active to inactive

Is fun() make any problem when huge number of users is accessing ...

because i am using static data-set to store the username and further to compare the username ...

please make doubt clear as soon as possible.....

plz help me out

Posted 4-Oct-12 1:54am

mahesh.b.p.c

Updated 4-Oct-12 2:00am

Kenneth Haugland

v2

Add a Solution

Comments

S@53K^S 4-Oct-12 9:11am

What is your problem ? Could you please outline the problem rather asking "Is fun() make any problem when huge number of users is accessing".This forum is to help your to solve the problem if your have ,not anticipate the problem that you may have.If you are doubtful abt "fun()" failing when huge number of users access please perform a load test with the scenario.

static variables and sessions are bound to cause issues if you do not handle them properly.

mahesh.b.p.c 4-Oct-12 9:43am

the above given function is to block the user account after 3 invalid attempts,
I coded in this way ,getting the invalid userid and placing the userid in a static dataset and incrementing the count and storing in a session every time....
when ever user reaches count=3 that user must be blocked....the above code is working fine but when 100 of user is accessing the application is it works fine i have doubt , and my client saying that when multiple number of users access the application then some users are blocking and some user r not blocking.....i want to be resolved this doubt

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

senguptaamlan · Answer 1 · 2012-10-04T10:35:00

Implement the following thing in your code.

1. In the user table make a field like loginAttempt.
2. Whenever the authentication fails update that field by 1
3. At the time of authentication check the loginAttempt field value if >= 3 bypass the user authentication process and redirect the user to a page with a proper message.
4. If the user authentication passes, reset loginAttempt value to 0

I've given the steps, now its your turn to write the code.

I believe this logic solves your problem without any hiccups.