quantum62

Reputation: 153

Prevent the entering of users that have entered the wrong password more than 3 times

I want to prevent the entering of users that have entered their password more than three times. I save their IP in the session and set the time-out to one minute. I don't know if this solution is good or not, but there is a problem when the wrong password is entered three times. The code works correctly, but when the session times out, it doesn't work if I don't refresh the page. The user should be able to try again, but if I refresh it, the user can try again. What's the problem?

Here is my code...

        if (olduser.Trim() == username.Trim() && password.Trim() == oldpass.Trim())
        {
            // Credentials match: remember the user in the session.
            retval = olduser;
            HttpContext context = HttpContext.Current;
            context.Session[retval.ToString()] = retval.ToString();
        }
        else
        {
            // Credentials do not match: count the failure in the session, keyed by client IP.
            string ip = HttpContext.Current.Request.UserHostAddress;
            HttpContext failuser = HttpContext.Current;
            failuser.Session.Timeout = 1; // session time-out, in minutes
            if (failuser.Session[ip] != null)
                failuser.Session[ip] = (int)failuser.Session[ip] + 1;
            else
                failuser.Session[ip] = 1;
            retval = failuser.Session[ip].ToString();
            if ((int)failuser.Session[ip] > 2)
                retval = "!"; // third or later failure: "!" is returned instead of the count
        }

        return retval;
    }

Upvotes: 0

Views: 687

Answers (2)

Nick Jones

Reputation: 6493

If you use a membership provider you get this functionality for free:

Max Invalid Password Attempts

Upvotes: 0

Dennis Traub

Reputation: 51634

You're probably trying to reinvent the wheel. Consider using a built-in ASP.NET Membership Provider.

Upvotes: 3
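An added example, not part of the question or of either answer: the failed-attempt counter kept on the server and keyed by user name instead of in the visitor's session, with the question's three-attempt limit and one-minute window. `LoginThrottle` and its members are hypothetical names, and the code assumes a reference to `System.Runtime.Caching` (.NET Framework 4 or later).

```csharp
using System;
using System.Runtime.Caching;

// Hypothetical helper: failed-login counter held in server memory, keyed by user name.
public static class LoginThrottle
{
    private const int MaxFailures = 3;                                   // limit from the question
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(1);   // window from the question
    private static readonly object Gate = new object();

    private sealed class Counter { public int Failures; }

    private static string Key(string user) { return "login-fail:" + user.Trim().ToLowerInvariant(); }

    // True while the user has reached the limit inside the current window.
    public static bool IsLocked(string user)
    {
        var c = MemoryCache.Default.Get(Key(user)) as Counter;
        return c != null && c.Failures >= MaxFailures;
    }

    // Records one failure and returns the number of failures in the current window.
    public static int RecordFailure(string user)
    {
        lock (Gate)
        {
            var key = Key(user);
            var c = MemoryCache.Default.Get(key) as Counter;
            if (c == null)
            {
                c = new Counter();
                // Absolute expiry: the entry disappears one minute after the first failure,
                // on the server's clock, whether or not the client reloads the page.
                MemoryCache.Default.Set(key, c, DateTimeOffset.UtcNow.Add(Window));
            }
            return ++c.Failures;
        }
    }

    // Clears the counter, for use after a successful login.
    public static void Reset(string user) { MemoryCache.Default.Remove(Key(user)); }

    public static void Main()   // constructed demo: four wrong passwords for the sample user "alice"
    {
        for (int i = 1; i <= 4; i++)
            Console.WriteLine("attempt " + i + ": " + (IsLocked("alice") ? "rejected (locked)" : "failures=" + RecordFailure("alice")));
    }
}
```

Call `IsLocked` before comparing the password, `RecordFailure` on a mismatch and `Reset` after a successful login. The counter lives in one process's memory, so a web farm needs a shared store instead.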
