How to restrict after three times attempted user in asp.net

Question

5.00/5 (1 vote)

See more:

C#

ASP.NET

I want to restrict user who has login more then three time how can i do this.

Posted 8-Aug-11 23:49pm

Amod Kumar Jaiswal

Add a Solution

6 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**AmitGajjar** · Answer 1 · 2011-12-05T02:03:00

Solution 4

Hi,

Add one column in your login table i.e. LoginAttempt.

1) Update LoginAttempted value in login stored procedure / query.
2) After successful login , reset to 0(zero).
3) on each login you can check LoginAttempted column value and do particular action on it. like restrict him or give him some message.

hope this will help you,
thanks
-amit.

Posted 5-Dec-11 2:03am

AmitGajjar

Comments

Member 12210282 26-Nov-21 3:45am

this UserID based solution but there should be IP based solution

sujit0761 · Answer 2 · 2011-08-08T23:58:00

There are two option with you;

1. Either use a ASP.net membership provider class it has a default functionality implemented which locks he users after a certain unsuccessfull login attempts.

2. Add a cloumn"IsLockedOut" of datatype boolean ,to your user table and while a user attemts to login just count the number of attempts if its a unsucessfull login. When the count gets 3 set IslockedOut column in the table to "true" for that particular user.So even if the user tries to login with correct credentials he wont able to login. So when a user login you will have to check "Username","Password" and "IsLockedOut" in your logic.

If the IsLockedOut flag is false then allow the user to login if his username and password is correct else deny him to login even if other credentials are correct.

Amod Kumar Jaiswal · Answer 3 · 2011-12-05T01:26:00

C#

string LoginId = txtLoginId.Text.Trim().ToLower();
            string Password = txtPassword.Text.Trim();
            if (countloginid != LoginId)
            {
                count = 1;
            }

            Session["User_LoginId"] = LoginId;
            DataTable dtUser = objManageUsers.VerifyUserLogin(LoginId, Password);
            if (dtUser != null && dtUser.Rows.Count > 0)
            {
                if (LoginId == dtUser.Rows[0]["LoginId"].ToString() && Password == dtUser.Rows[0]["Password"].ToString())
                {
                    if (Convert.ToString(dtUser.Rows[0]["AccessLevel"]) != "1" && Convert.ToString(dtUser.Rows[0]["AccessLevel"]) != "9")
                    {
                        if (Convert.ToString(Session["Blok_UserEmailId"]) == LoginId)
                        {
                            this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                            this.errorMessageHtmlCell.InnerText = "Your email id has been blocked";
                        }
                        else
                        {
                            Session["UserName"] = dtUser.Rows[0]["UserName"];
                            Session["UserId"] = dtUser.Rows[0]["UserId"];
                            Session["AccessLevel"] = dtUser.Rows[0]["AccessLevel"];
                            Session["DeletedFlag"] = dtUser.Rows[0]["DeletedFlag"];
                            Session["UpdateHRData"] = dtUser.Rows[0]["UpdateHRData"];
                            Session["UpdateOprnData"] = dtUser.Rows[0]["UpdateOprnData"];
                            Session["UpdateMktData"] = dtUser.Rows[0]["UpdateMktData"];
                            FormsAuthentication.RedirectFromLoginPage("Welcome!    " + Convert.ToString(Session["UserName"]) + " | ", true);
                            Response.Redirect("~/Home.aspx");
                        }
                    }
                    else
                    {
                        Session["UserName"] = dtUser.Rows[0]["UserName"];
                        Session["UserId"] = dtUser.Rows[0]["UserId"];
                        Session["AccessLevel"] = dtUser.Rows[0]["AccessLevel"];
                        Session["DeletedFlag"] = dtUser.Rows[0]["DeletedFlag"];
                        Session["UpdateHRData"] = dtUser.Rows[0]["UpdateHRData"];
                        Session["UpdateOprnData"] = dtUser.Rows[0]["UpdateOprnData"];
                        Session["UpdateMktData"] = dtUser.Rows[0]["UpdateMktData"];
                        FormsAuthentication.RedirectFromLoginPage("Welcome!    " + Convert.ToString(Session["Fname"]) + " " + Convert.ToString(Session["Lname"]) + " | ", true);
                        Response.Redirect("~/Default.aspx");

                    }
                }
                else
                {
                    this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                    this.errorMessageHtmlCell.InnerText = "The login id or password you entered is incorrect.";
                    txtPassword.Focus();
                }
            }
            else
            {
                countloginid = Session["User_LoginId"].ToString();
                int sessioncount = count++;
                if (sessioncount == 3)
                {
                    Session["Blok_UserEmailId"] = Session["User_LoginId"];
                    this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                    this.errorMessageHtmlCell.InnerText = "Your Email Id has been blocked";
                }
                else
                {
                    this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                    this.errorMessageHtmlCell.InnerText = "The login id or password you entered is incorrect.";
                    txtPassword.Focus();
                }

S V Saichandra · Answer 4 · 2011-12-05T04:49:00

You can directly use the following asp.net web.config to restrict user access after your choice of invalid attempts

XML

<membership defaultProvider="Demo_MemberShipProvider">
    <providers>
        <add name="Demo_MemberShipProvider"
            type="System.Web.Security.SqlMembershipProvider"
            connectionStringName="cnn"
            enablePasswordRetrieval="false"
            enablePasswordReset="true"
            requiresQuestionAndAnswer="true"
            applicationName="/"
            requiresUniqueEmail="false"
            passwordFormat="Hashed"
            maxInvalidPasswordAttempts="5"
            minRequiredPasswordLength="5"
            minRequiredNonalphanumericCharacters="0"
            passwordAttemptWindow="10" passwordStrengthRegularExpression="">
    </providers>
</membership>

Change the maxInvalidPasswordAttempts="5" attribute to ="3"

Read complete article:
ASP.NET Membership and Role Provider[^]

Manas Bhardwaj · Answer 5 · 2011-08-08T23:52:00

Solution 1

Google [^]has the answer.

Posted 8-Aug-11 23:52pm

Manas Bhardwaj

RaviRanjanKr · Answer 6 · 2011-12-05T07:53:00

Solution 6

you can take a look some given link having similar question with solution
How User account be locked for 30 min after 5 unsuccessful login attempts with asp.net?[^]
Lock out users after three unsuccessful attempts without using a database[^]

Posted 5-Dec-11 7:53am

RaviRanjanKr