How To Block The UserName After 3 Invalid Password Attempts IN ASP.NET

Question

I used the following code for checking user name and password. and I want ti block the user name after 3 invalid password attempt. what should I add in my codeing

MD5CryptoServiceProvider md5hasher = new MD5CryptoServiceProvider();
        Byte[] hashedDataBytes;
        UTF8Encoding encoder = new UTF8Encoding();
        hashedDataBytes = md5hasher.ComputeHash(encoder.GetBytes(TextBox3.Text));
        StringBuilder hex = new StringBuilder(hashedDataBytes.Length * 2);
        foreach (Byte b in hashedDataBytes)
        {
            hex.AppendFormat("{0:x2}", b);
        }
        string hash = hex.ToString();

    SqlConnection con = new SqlConnection("Data Source=Shihab-PC;Initial Catalog=test;User ID=SOMETHING;Password=SOMETHINGELSE");
    SqlDataAdapter ad = new SqlDataAdapter("select password from Users where UserId='" + TextBox4.Text + "'", con);
    DataSet ds = new DataSet();
    ad.Fill(ds, "Users");

    SqlDataAdapter ad2 = new SqlDataAdapter("select UserId from Users ", con);
    DataSet ds2 = new DataSet();
    ad2.Fill(ds2, "Users");
    Session["id"] = TextBox4.Text.ToString();


    if ((string.Compare((ds.Tables["Users"].Rows[0][0].ToString()), hash)) == 0)
    {
        if (string.Compare(TextBox4.Text, (ds2.Tables["Users"].Rows[0][0].ToString())) == 0)
        {
                            Response.Redirect("actioncust.aspx");

        }
        else
        {

            Response.Redirect("actioncust.aspx");


        }
    }
    else
    {
        Label2.Text = "Invalid Login";
    }

    con.Close();

}

Answer 1

As SLaks has suggested it's better if you use ASP.Net membership. There's a lots of tutorials on web, if you search for them in Google.

Secondly you don't have to write two queries.

You could use Select UserId from Users where UserId=@id and password=@pass and then use count property of dataset

Answer 2

You should use ASP.Net membership, which does this out-of-the-box and is actually secure.