ASP.NET, how stop number of retry at login Page

In my asp.net website, i would like to implement account lock at login page. I am not using provider for that. Also i would like to Auto-Unlock account after configurable time.

As i know microsoft also provide account lock feature with provider, but i have different requireme开发者_StackOverflownts

1. I am using Oracle database
2. I would not like to store account lock info in database. Because it require administrator involvement.
3. Is there auto-unlock way of doing?

Please help?

You can use the cookies to store the number of tries and time when lockout started. Then on page load you read from that cookie and if number of tries exceeds specified times set lock. If it is locked and the locking period expired then unlock loging.

After successful login, set number of unsuccessful tries to 0.

You could use the singleton pattern to create an object that maintains information betweens requests in the same way a cache or session object does.

With this in mind you you can construct in memory only object you can use to limit repeat requests in your site by maintaining information of each failed request, you can also combine this with timers to remove requests older than a specified time. This then allows you to check the user hasn't exceeded the failed request count, and the timer will auto unlock by automatically removing the old requests.

http://www.dofactory.com/patterns/PatternSingleton.aspx

The singleton will only exist for the life of the application process so if it cycles down it will clear all requests information and therefore all locks - I think in IIS this is like 20 minutes, although deploying also recycles the application.