Click here to Skip to main content
15,358,707 members
Please Sign up or sign in to vote.
5.00/5 (1 vote)
See more:
I want to restrict user who has login more then three time how can i do this.
Posted

Hi,

Add one column in your login table i.e. LoginAttempt.

1) Update LoginAttempted value in login stored procedure / query.
2) After successful login , reset to 0(zero).
3) on each login you can check LoginAttempted column value and do particular action on it. like restrict him or give him some message.

hope this will help you,
thanks
-amit.
   
Comments
Member 12210282 26-Nov-21 3:45am
   
this UserID based solution but there should be IP based solution
There are two option with you;

1. Either use a ASP.net membership provider class it has a default functionality implemented which locks he users after a certain unsuccessfull login attempts.

2. Add a cloumn"IsLockedOut" of datatype boolean ,to your user table and while a user attemts to login just count the number of attempts if its a unsucessfull login. When the count gets 3 set IslockedOut column in the table to "true" for that particular user.So even if the user tries to login with correct credentials he wont able to login. So when a user login you will have to check "Username","Password" and "IsLockedOut" in your logic.

If the IsLockedOut flag is false then allow the user to login if his username and password is correct else deny him to login even if other credentials are correct.
   
C#
string LoginId = txtLoginId.Text.Trim().ToLower();
            string Password = txtPassword.Text.Trim();
            if (countloginid != LoginId)
            {
                count = 1;
            }

            Session["User_LoginId"] = LoginId;
            DataTable dtUser = objManageUsers.VerifyUserLogin(LoginId, Password);
            if (dtUser != null && dtUser.Rows.Count > 0)
            {
                if (LoginId == dtUser.Rows[0]["LoginId"].ToString() && Password == dtUser.Rows[0]["Password"].ToString())
                {
                    if (Convert.ToString(dtUser.Rows[0]["AccessLevel"]) != "1" && Convert.ToString(dtUser.Rows[0]["AccessLevel"]) != "9")
                    {
                        if (Convert.ToString(Session["Blok_UserEmailId"]) == LoginId)
                        {
                            this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                            this.errorMessageHtmlCell.InnerText = "Your email id has been blocked";
                        }
                        else
                        {
                            Session["UserName"] = dtUser.Rows[0]["UserName"];
                            Session["UserId"] = dtUser.Rows[0]["UserId"];
                            Session["AccessLevel"] = dtUser.Rows[0]["AccessLevel"];
                            Session["DeletedFlag"] = dtUser.Rows[0]["DeletedFlag"];
                            Session["UpdateHRData"] = dtUser.Rows[0]["UpdateHRData"];
                            Session["UpdateOprnData"] = dtUser.Rows[0]["UpdateOprnData"];
                            Session["UpdateMktData"] = dtUser.Rows[0]["UpdateMktData"];
                            FormsAuthentication.RedirectFromLoginPage("Welcome!    " + Convert.ToString(Session["UserName"]) + " | ", true);
                            Response.Redirect("~/Home.aspx");
                        }
                    }
                    else
                    {
                        Session["UserName"] = dtUser.Rows[0]["UserName"];
                        Session["UserId"] = dtUser.Rows[0]["UserId"];
                        Session["AccessLevel"] = dtUser.Rows[0]["AccessLevel"];
                        Session["DeletedFlag"] = dtUser.Rows[0]["DeletedFlag"];
                        Session["UpdateHRData"] = dtUser.Rows[0]["UpdateHRData"];
                        Session["UpdateOprnData"] = dtUser.Rows[0]["UpdateOprnData"];
                        Session["UpdateMktData"] = dtUser.Rows[0]["UpdateMktData"];
                        FormsAuthentication.RedirectFromLoginPage("Welcome!    " + Convert.ToString(Session["Fname"]) + " " + Convert.ToString(Session["Lname"]) + " | ", true);
                        Response.Redirect("~/Default.aspx");

                    }
                }
                else
                {
                    this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                    this.errorMessageHtmlCell.InnerText = "The login id or password you entered is incorrect.";
                    txtPassword.Focus();
                }
            }
            else
            {
                countloginid = Session["User_LoginId"].ToString();
                int sessioncount = count++;
                if (sessioncount == 3)
                {
                    Session["Blok_UserEmailId"] = Session["User_LoginId"];
                    this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                    this.errorMessageHtmlCell.InnerText = "Your Email Id has been blocked";
                }
                else
                {
                    this.errorMessageHtmlCell.Attributes.Add("style", "color:Red");
                    this.errorMessageHtmlCell.InnerText = "The login id or password you entered is incorrect.";
                    txtPassword.Focus();
                }
   
v2
Comments
[no name] 5-Dec-11 12:05pm
   
Format code snippets
You can directly use the following asp.net web.config to restrict user access after your choice of invalid attempts

XML
<membership defaultProvider="Demo_MemberShipProvider">
    <providers>
        <add name="Demo_MemberShipProvider"
            type="System.Web.Security.SqlMembershipProvider"
            connectionStringName="cnn"
            enablePasswordRetrieval="false"
            enablePasswordReset="true"
            requiresQuestionAndAnswer="true"
            applicationName="/"
            requiresUniqueEmail="false"
            passwordFormat="Hashed"
            maxInvalidPasswordAttempts="5"
            minRequiredPasswordLength="5"
            minRequiredNonalphanumericCharacters="0"
            passwordAttemptWindow="10" passwordStrengthRegularExpression="">
    </providers>
</membership>



Change the maxInvalidPasswordAttempts="5" attribute to ="3"

Read complete article:
ASP.NET Membership and Role Provider[^]
   
Google [^]has the answer.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900