Wednesday, November 29, 2017

ASP.NET: Lock a user for a day after 3 invalid login attempts

In this article I am going to explain how to lock a user for a day after 3 invalid login attempts in ASP.NET.

Description:
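I want to lock a user for a day after 3 invalid login attempts. For example, if a user makes 3 login attempts with a wrong password on 25 November, he/she will be locked for 25 November and can’t log in even with the correct password. He/she will be able to log in again on 26 November. The lock follows the calendar date on the database server rather than a 24-hour period, so it is released at midnight regardless of when the failed attempts happened.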

Implementation:
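I have created a table user_login. The stored procedure below uses its columns UserName, pwd, FailedAttempt, Is_Locked and Logindate.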


ASP.NET : Lock user for  day after 3 invalid login attempt


Create a stored procedure to validate users:

-- UserLogin: checks a username/password pair against user_login and maintains a
-- per-user failed-attempt counter that is cleared when the calendar date changes.
-- Result set: one row, one column named 'Users', holding one of
--   'Success'   - credentials matched and the account is not locked
--   'Fail'      - wrong password, counter incremented (counter was below 3)
--   'not exist' - no row for @UserName
--   'Locked'    - the counter had already reached 3; Is_Locked is set to 1
--
-- NOTE(review): `pwd = @Password` compares the submitted value directly with the
--   stored column, so the table appears to hold passwords in a directly comparable
--   (likely cleartext) form. Store a salted, slow hash (PBKDF2, bcrypt, Argon2) and
--   verify it in the application instead. Depending on the column collation this
--   comparison may also be case-insensitive - confirm.
-- NOTE(review): 'not exist' is distinguishable from 'Fail', which discloses whether
--   a username is registered; consider returning the same value for both.
-- NOTE(review): the counter is keyed on the username alone, so repeated wrong
--   passwords from any source lock the legitimate user out for the day. Pair this
--   with per-source throttling and monitor/alert on 'Locked' results.
-- NOTE(review): the counter is read and updated in separate statements and no
--   transaction is visible here; concurrent attempts may be under-counted - confirm.
Create PROCEDURE [UserLogin]
(@UserName VARCHAR(50),
@Password VARCHAR(50)
)
AS
BEGIN
-- Current server date; the date type drops the time part.
declare @todaydate date =getdate()
-- @attempt is assigned below but never read afterwards.
declare @attempt int
declare @dateadd date
declare @output varchar(20)
-- Logindate is rewritten on every successful or counted failed attempt below, so
-- @dateadd is the date of the last such attempt (NULL when the user has no row).
set @dateadd= (select Logindate from dbo.user_login where Username=@UserName)
set @attempt = (select FailedAttempt from dbo.user_login WHERE UserName = @UserName)       
-- Branch 1: the last recorded attempt was today, so the counter is still in force.
if(@todaydate = @dateadd)
-- Success requires a matching password, Is_Locked = 0 and fewer than 3 failures.
IF EXISTS(SELECT UserName FROM user_login WHERE UserName = @UserName AND pwd = @Password and Is_Locked=0 AND (ISNULL(FailedAttempt, 0) < 3))
    BEGIN
    -- Note: a same-day success leaves FailedAttempt unchanged; only the other
    -- branch (first attempt of a new day) clears it.
    UPDATE user_login
        SET
        Logindate = GETDATE()
        WHERE UserName = @UserName
        set @output ='Success'
select @output as 'Users'
    END   
     ELSE IF not exists(SELECT UserName FROM user_login WHERE UserName = @UserName)
  begin
    set @output ='not exist'
select @output as 'Users'
  end
  ELSE
    BEGIN
        -- The user exists but the login was refused: either count the failure
        -- (counter below 3) or mark the account locked (counter already at 3).
        IF (SELECT ISNULL(FailedAttempt, 0) FROM user_login WHERE UserName = @UserName) < 3
        BEGIN
            UPDATE user_login
            SET FailedAttempt = ISNULL(FailedAttempt, 0) + 1,            
            Logindate = GETDATE()
            WHERE UserName = @UserName
             set @output ='Fail'
select @output as 'Users'
        END       
        else
begin
-- Reached by any attempt, including one with the correct password, once the
-- counter is at 3; Logindate is not touched here.
UPDATE user_login SET Is_Locked=1 WHERE UserName = @UserName
 set @output ='Locked'
select @output as 'Users'
end
end
-- Branch 2: the last recorded attempt was not today, or @dateadd is NULL.
else
begin
-- New day: clear the counter and the lock before evaluating this attempt.
-- This IF governs only the single UPDATE on the next line.
if(@todaydate > @dateadd)
 UPDATE user_login SET FailedAttempt = 0, Is_Locked=0 WHERE UserName = @UserName
IF EXISTS(SELECT UserName FROM user_login WHERE UserName = @UserName AND pwd = @Password and Is_Locked=0 AND (ISNULL(FailedAttempt, 0) < 3))
    BEGIN
    -- Unlike the same-day branch, success here resets the counter to NULL.
    UPDATE user_login
        SET FailedAttempt = NULL,      
        Logindate = GETDATE()
        WHERE UserName = @UserName
        set @output ='Success'
select @output as 'Users'
    END
     ELSE IF not exists(SELECT UserName FROM user_login WHERE UserName = @UserName)
  begin
    set @output ='not exist'
select @output as 'Users'
  end
    ELSE
    BEGIN
        -- Same counting/locking logic as in the same-day branch.
        IF (SELECT ISNULL(FailedAttempt, 0) FROM user_login WHERE UserName = @UserName) < 3
        BEGIN
            UPDATE user_login
            SET FailedAttempt = ISNULL(FailedAttempt, 0) + 1,
            Logindate = GETDATE()
            WHERE UserName = @UserName
             set @output ='Fail'
select @output as 'Users'
 END
        else
begin
UPDATE user_login SET Is_Locked=1 WHERE UserName = @UserName
 set @output ='Locked'
select @output as 'Users'
end
end
end
END

Now add a web form to the project.
Complete HTML Markup of webform:

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Lock users</title>
</head>
<body>
    <!-- Login form: the username and password are posted in the form body, so this page should only be served over HTTPS. -->
    <!-- Button1 declares no OnClick attribute. The VB.NET code-behind attaches its handler with "Handles Button1.Click";
         NOTE(review): the C# code-behind on this page shows no equivalent wiring, so confirm the click handler is attached when using C#. -->
    <form id="form1" runat="server">
    <div>
     <fieldset style="width:20%">
            <legend>Login</legend>
      
        <table>
            <tr>
                <td>Username :</td>
                <td>  <asp:TextBox ID="txtusername" runat="server"></asp:TextBox></td>
            </tr>
            <tr>
                <td>Password :</td>
                <td> <asp:TextBox ID="txtpassword" TextMode="Password" runat="server"></asp:TextBox></td>
            </tr>
            <tr>
                <td></td>
                <td><asp:Button ID="Button1" runat="server" Text="Login" />
                    <asp:Button ID="btncancel" runat="server" Text="Cancel"/></td>
            </tr>
        </table>
    </fieldset>
    </div>
    </form>
</body>
</html>

Add namespace

C# Code :
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

VB.Net Code :
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

On login button click write the below given code:
C# Code :

// Connection used by the login handler; the connection string is read from the
// "connection" entry of the application's configuration.
// NOTE(review): the database login behind this connection string should have only
// the rights the page needs (presumably EXECUTE on UserLogin) - confirm.
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ToString());
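/// <summary>
/// Login button handler: passes the entered username and password to the
/// UserLogin stored procedure and acts on the status string it returns in the
/// 'Users' column ("Success", "Fail", "not exist" or "Locked").
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
    {
        string login = null;
        try
        {
            // NOTE(review): the password is sent to the database as entered and compared
            // there, so it is stored in directly comparable form; hash and verify it in the
            // application instead.
            using (SqlDataAdapter adp = new SqlDataAdapter("UserLogin", con))
            {
                adp.SelectCommand.CommandType = CommandType.StoredProcedure;
                adp.SelectCommand.Parameters.AddWithValue("@UserName", txtusername.Text);
                adp.SelectCommand.Parameters.AddWithValue("@Password", txtpassword.Text);
                DataTable dt = new DataTable();
                adp.Fill(dt);

                // Guard against an empty result instead of throwing on Rows[0].
                if (dt.Rows.Count > 0)
                {
                    login = Convert.ToString(dt.Rows[0]["Users"]);
                }
            }
        }
        catch (Exception ex)
        {
            // Do not swallow failures silently: record the error for operators and show the
            // user a generic message that carries no database detail.
            System.Diagnostics.Trace.TraceError("UserLogin call failed: {0}", ex);
            Messagebox("Unable to sign in right now. Please try again later.");
            return;
        }

        // The redirect is issued outside the try block so the exception Response.Redirect
        // uses to end the request is not caught by the handler above.
        switch (login)
        {
            case "Success":
                // No alert here: the redirect ends the response, so it would never be shown.
                // NOTE(review): nothing in this handler issues an authentication ticket or sets
                // session state, so dashboard.aspx must enforce authentication itself - confirm.
                Response.Redirect("dashboard.aspx");
                break;

            case "Locked":
                Messagebox("You are Locked for today. Please come tomorrow & login");
                break;

            default:
                // "Fail", "not exist" and any unexpected value get the same message so the
                // page does not disclose whether a username is registered.
                Messagebox("Login failed !!! Check username & password");
                break;
        }
    }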
    private void Messagebox(string Message)
    {
        Label lblMessageBox = new Label();
        lblMessageBox.Text =
            "<script language='javascript'>" + Environment.NewLine +
            "window.alert('" + Message + "')</script>";
        Page.Controls.Add(lblMessageBox);
    }

    protected void btncancel_Click(object sender, EventArgs e)
    {
        txtusername.Text = "";
        txtpassword.Text = "";
    }

VB.Net Code :

' Connection used by the login handler; the connection string is read from the
' "connection" entry of the application's configuration.
' NOTE(review): the database login behind this connection string should have only
' the rights the page needs (presumably EXECUTE on UserLogin) - confirm.
Private con As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("connection").ToString())

    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Try
            Dim adp As SqlDataAdapter = New SqlDataAdapter("UserLogin", con)
            adp.SelectCommand.CommandType = CommandType.StoredProcedure
            adp.SelectCommand.Parameters.AddWithValue("@UserName", txtusername.Text)
            adp.SelectCommand.Parameters.AddWithValue("@Password", txtpassword.Text)
            Dim dt As DataTable = New DataTable()
            adp.Fill(dt)
            Dim login As String = dt.Rows(0)("Users").ToString()
            If login = "Success" Then
                Messagebox("Login Successfully")
                Response.Redirect("dashboard.aspx")
            ElseIf login = "Fail" Then
                Messagebox("Login failed !!! Check username & password")
            ElseIf login = "not exist" Then
                Messagebox("User not exist !!! Check username & password")
            Else
                Messagebox("You are Locked for today. Please come tomorrow & login")
            End If
        Catch ex As Exception
        End Try
    End Sub
    Private Sub Messagebox(ByVal Message As String)
        Dim lblMessageBox As Label = New Label()
        lblMessageBox.Text = "<script language='javascript'>" & Environment.NewLine & "window.alert('" & Message & "')</script>"
        Page.Controls.Add(lblMessageBox)
    End Sub

    Protected Sub btncancel_Click(sender As Object, e As EventArgs) Handles btncancel.Click
        txtusername.Text = ""
        txtpassword.Text = ""
    End Sub

