In this article I am going to explain how to lock a user out
for the day after 3 invalid login attempts in ASP.NET.
Description:
I want to lock users out for a day after 3 invalid login
attempts. For example, if a user tries to log in on 25 November with 3 wrong password
attempts, he/she will be locked for 25 November. He/she can't log in even with the
correct password, and will be able to log in again on 26 November.
Implementation:
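I have created a table named user_login; the procedure below uses its UserName, pwd, FailedAttempt, Is_Locked and Logindate columns.
Create a stored procedure to validate users: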
-- UserLogin: checks @UserName / @Password against user_login and returns a
-- one-row result set with a single column 'Users' holding one of
-- 'Success', 'Fail', 'not exist' or 'Locked'.
-- Side effects: updates FailedAttempt, Is_Locked and Logindate for the user.
--
-- NOTE(review): the pwd column is compared directly with @Password and nothing
-- in this procedure hashes it. Unless the caller passes a hash (confirm), the
-- table holds recoverable passwords; store a salted, slow password hash
-- (PBKDF2, bcrypt, Argon2) and verify against that instead.
-- NOTE(review): 'not exist' is returned separately from 'Fail', so the result
-- tells the caller whether a username is registered. Callers should show one
-- generic message for both.
-- NOTE(review): the lock is keyed on the username alone, so wrong passwords
-- submitted by anyone lock the real owner out for the day. Pair it with
-- per-source rate limiting and monitoring of lock events.
-- NOTE(review): the checks and updates are separate statements with no
-- explicit transaction here; confirm whether concurrent attempts matter.
Create PROCEDURE [UserLogin]
(@UserName
VARCHAR(50),
@Password VARCHAR(50)
)
AS
BEGIN
-- Today's date from GETDATE(); the date type drops the time part.
declare @todaydate date =getdate()
declare @attempt int
declare @dateadd date
declare @output varchar(20)
-- Date stored in Logindate for this user (written on successful and failed
-- attempts below). NULL when no row matches, which sends the comparison
-- further down into its ELSE branch.
set @dateadd= (select Logindate from dbo.user_login where Username=@UserName)
-- @attempt is assigned here but not read again in this procedure.
set @attempt = (select FailedAttempt
from dbo.user_login
WHERE UserName =
@UserName)
-- Branch 1: the last recorded attempt was today.
if(@todaydate = @dateadd)
-- Correct password, not locked, fewer than 3 recorded failures.
IF EXISTS(SELECT
UserName FROM user_login WHERE UserName =
@UserName AND pwd =
@Password and Is_Locked=0
AND (ISNULL(FailedAttempt, 0) < 3))
BEGIN
-- Only Logindate is refreshed; FailedAttempt keeps its value on a same-day
-- success (the other branch resets it to NULL).
UPDATE user_login
SET
Logindate = GETDATE()
WHERE UserName =
@UserName
set @output ='Success'
select @output as 'Users'
END
-- Unknown username.
ELSE IF not exists(SELECT UserName FROM
user_login WHERE UserName = @UserName)
begin
set @output ='not exist'
select @output as 'Users'
end
-- The user exists but the EXISTS check failed: wrong password, locked, or
-- already at 3 failures.
ELSE
BEGIN
-- Fewer than 3 failures so far: count this attempt.
IF (SELECT ISNULL(FailedAttempt, 0) FROM user_login WHERE UserName =
@UserName) <
3
BEGIN
UPDATE user_login
SET FailedAttempt = ISNULL(FailedAttempt, 0) + 1,
Logindate = GETDATE()
WHERE UserName =
@UserName
set @output ='Fail'
select @output as 'Users'
END
-- 3 failures already recorded: mark the account locked. A correct password
-- also lands here, because the EXISTS check above requires FailedAttempt < 3.
else
begin
UPDATE user_login SET Is_Locked=1 WHERE UserName = @UserName
set @output ='Locked'
select @output as 'Users'
end
end
-- Branch 2: the last recorded attempt was not today (or Logindate is NULL).
else
begin
-- An earlier day: clear the counter and the lock. This IF governs only the
-- single UPDATE that follows; the checks after it always run.
if(@todaydate > @dateadd)
UPDATE user_login SET
FailedAttempt = 0,
Is_Locked=0 WHERE
UserName = @UserName
-- Correct password, not locked, fewer than 3 recorded failures.
IF EXISTS(SELECT
UserName FROM user_login WHERE UserName =
@UserName AND pwd =
@Password and Is_Locked=0
AND (ISNULL(FailedAttempt, 0) < 3))
BEGIN
-- Success resets the failure counter and records today's date.
UPDATE user_login
SET FailedAttempt = NULL,
Logindate = GETDATE()
WHERE UserName =
@UserName
set @output ='Success'
select @output as 'Users'
END
-- Unknown username.
ELSE IF not exists(SELECT UserName FROM
user_login WHERE UserName = @UserName)
begin
set @output ='not exist'
select @output as 'Users'
end
-- The user exists but the EXISTS check failed.
ELSE
BEGIN
-- Fewer than 3 failures so far: count this attempt and stamp today's date.
IF (SELECT ISNULL(FailedAttempt, 0) FROM user_login WHERE UserName =
@UserName) <
3
BEGIN
UPDATE user_login
SET FailedAttempt = ISNULL(FailedAttempt, 0) + 1,
Logindate = GETDATE()
WHERE UserName =
@UserName
set @output ='Fail'
select @output as 'Users'
END
-- 3 failures already recorded: mark the account locked.
else
begin
UPDATE user_login SET Is_Locked=1 WHERE UserName = @UserName
set @output ='Locked'
select @output as 'Users'
end
end
end
END
Now add a web form to the project.
Complete HTML markup of the web form:
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Lock users</title>
</head>
<body>
<!-- Login form. The username and password are posted back in the form body, so serve this page over HTTPS only. -->
<form id="form1" runat="server">
<div>
<fieldset style="width:20%">
<legend>Login</legend>
<table>
<tr>
<td>Username :</td>
<td> <asp:TextBox ID="txtusername" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td>Password :</td>
<td> <asp:TextBox ID="txtpassword" TextMode="Password" runat="server"></asp:TextBox></td>
</tr>
<!-- Neither button declares an OnClick attribute here, so the click handlers must be attached in code-behind.
     The VB.Net listing does that with "Handles"; the C# listing shows no wiring, so for C# add
     OnClick="Button1_Click" and OnClick="btncancel_Click" to these buttons. -->
<tr>
<td></td>
<td><asp:Button ID="Button1" runat="server" Text="Login" />
<asp:Button ID="btncancel" runat="server" Text="Cancel"/></td>
</tr>
</table>
</fieldset>
</div>
</form>
</body>
</html>
Add the namespaces:
C# Code:
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
VB.Net Code:
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration
Write the following code for the login button's click event:
C# Code:
// Connection built from the "connection" entry of the configuration file's
// connectionStrings section; the click handler passes it to the data adapter.
private SqlConnection con =
    new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);
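/// <summary>
/// Handles the Login button: runs the UserLogin stored procedure with the entered
/// credentials and reacts to the status string it returns in the "Users" column.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
/// <remarks>
/// A wrong password and an unknown username produce the same message, so the page
/// does not tell a visitor which usernames are registered. The lock message still
/// implies that the account exists.
/// </remarks>
protected void Button1_Click(object sender, EventArgs e)
{
    string login = null;
    try
    {
        // The credentials travel as procedure parameters and are never
        // concatenated into SQL text.
        using (SqlDataAdapter adp = new SqlDataAdapter("UserLogin", con))
        using (DataTable dt = new DataTable())
        {
            adp.SelectCommand.CommandType = CommandType.StoredProcedure;
            adp.SelectCommand.Parameters.AddWithValue("@UserName", txtusername.Text);
            adp.SelectCommand.Parameters.AddWithValue("@Password", txtpassword.Text);
            adp.Fill(dt);

            // Guard against an empty result set instead of letting the indexer throw.
            if (dt.Rows.Count > 0)
            {
                login = dt.Rows[0]["Users"].ToString();
            }
        }
    }
    catch (Exception ex)
    {
        // Fail closed: record the error for operators and show a generic message.
        // The original empty catch hid database failures from users and operators alike.
        System.Diagnostics.Trace.TraceError("UserLogin call failed: " + ex);
        Messagebox("Login is temporarily unavailable. Please try again later");
        return;
    }

    // The redirect is kept outside the try block so the catch above never sees
    // the exception Response.Redirect uses to end the request.
    if (login == "Success")
    {
        // NOTE(review): nothing here issues an authentication ticket or sets a
        // session value; dashboard.aspx must enforce authentication itself and
        // must not trust that it was reached through this redirect.
        // The alert below is not rendered, because the redirect replaces the response.
        Messagebox("Login Successfully");
        Response.Redirect("dashboard.aspx");
    }
    else if (login == "Fail" || login == "not exist")
    {
        Messagebox("Login failed !!! Check username & password");
    }
    else if (login == "Locked")
    {
        Messagebox("You are Locked for today. Please come tomorrow & login");
    }
    else
    {
        // No row or an unexpected status: treat it as an error, not as a lock.
        Messagebox("Login is temporarily unavailable. Please try again later");
    }
}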
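/// <summary>
/// Shows a browser alert by adding a Label whose text is an inline script block.
/// </summary>
/// <param name="Message">
/// Text to display. It is encoded as a JavaScript string before being embedded,
/// so callers may pass text that contains quotes or markup characters.
/// </param>
private void Messagebox(string Message)
{
    // Encode before embedding: without this, a quote in the text ends the string
    // literal and a "</script>" ends the script element, which turns any caller
    // that passes user-influenced text into a script-injection sink.
    string encoded = System.Web.HttpUtility.JavaScriptStringEncode(Message);

    Label lblMessageBox = new Label();
    lblMessageBox.Text =
        "<script language='javascript'>" + Environment.NewLine +
        "window.alert('" + encoded + "')</script>";
    Page.Controls.Add(lblMessageBox);
}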
/// <summary>
/// Handles the Cancel button by clearing both credential text boxes.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void btncancel_Click(object sender, EventArgs e)
{
    txtpassword.Text = string.Empty;
    txtusername.Text = string.Empty;
}
VB.Net Code:
' Connection built from the "connection" entry of the configuration file's
' connectionStrings section; the click handler passes it to the data adapter.
Private con As New SqlConnection(ConfigurationManager.ConnectionStrings("connection").ConnectionString)
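''' <summary>
''' Handles the Login button: runs the UserLogin stored procedure with the entered
''' credentials and reacts to the status string it returns in the "Users" column.
''' </summary>
''' <param name="sender">The control that raised the event.</param>
''' <param name="e">Event data (not used).</param>
''' <remarks>
''' A wrong password and an unknown username produce the same message, so the page
''' does not tell a visitor which usernames are registered. The lock message still
''' implies that the account exists.
''' </remarks>
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    Dim login As String = Nothing
    Try
        ' The credentials travel as procedure parameters and are never
        ' concatenated into SQL text.
        Using adp As New SqlDataAdapter("UserLogin", con), dt As New DataTable()
            adp.SelectCommand.CommandType = CommandType.StoredProcedure
            adp.SelectCommand.Parameters.AddWithValue("@UserName", txtusername.Text)
            adp.SelectCommand.Parameters.AddWithValue("@Password", txtpassword.Text)
            adp.Fill(dt)

            ' Guard against an empty result set instead of letting the indexer throw.
            If dt.Rows.Count > 0 Then
                login = dt.Rows(0)("Users").ToString()
            End If
        End Using
    Catch ex As Exception
        ' Fail closed: record the error for operators and show a generic message.
        ' The original empty Catch hid database failures from users and operators alike.
        System.Diagnostics.Trace.TraceError("UserLogin call failed: " & ex.ToString())
        Messagebox("Login is temporarily unavailable. Please try again later")
        Return
    End Try

    ' The redirect is kept outside the Try block so the Catch above never sees
    ' the exception Response.Redirect uses to end the request.
    If login = "Success" Then
        ' NOTE(review): nothing here issues an authentication ticket or sets a
        ' session value; dashboard.aspx must enforce authentication itself and
        ' must not trust that it was reached through this redirect.
        ' The alert below is not rendered, because the redirect replaces the response.
        Messagebox("Login Successfully")
        Response.Redirect("dashboard.aspx")
    ElseIf login = "Fail" OrElse login = "not exist" Then
        Messagebox("Login failed !!! Check username & password")
    ElseIf login = "Locked" Then
        Messagebox("You are Locked for today. Please come tomorrow & login")
    Else
        ' No row or an unexpected status: treat it as an error, not as a lock.
        Messagebox("Login is temporarily unavailable. Please try again later")
    End If
End Sub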
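''' <summary>
''' Shows a browser alert by adding a Label whose text is an inline script block.
''' </summary>
''' <param name="Message">
''' Text to display. It is encoded as a JavaScript string before being embedded,
''' so callers may pass text that contains quotes or markup characters.
''' </param>
Private Sub Messagebox(ByVal Message As String)
    ' Encode before embedding: without this, a quote in the text ends the string
    ' literal and a "</script>" ends the script element, which turns any caller
    ' that passes user-influenced text into a script-injection sink.
    Dim encoded As String = System.Web.HttpUtility.JavaScriptStringEncode(Message)

    Dim lblMessageBox As Label = New Label()
    lblMessageBox.Text = "<script language='javascript'>" & Environment.NewLine &
        "window.alert('" & encoded & "')</script>"
    Page.Controls.Add(lblMessageBox)
End Sub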
''' <summary>
''' Handles the Cancel button by clearing both credential text boxes.
''' </summary>
''' <param name="sender">The control that raised the event.</param>
''' <param name="e">Event data (not used).</param>
Protected Sub btncancel_Click(sender As Object, e As EventArgs) Handles btncancel.Click
    txtpassword.Text = String.Empty
    txtusername.Text = String.Empty
End Sub