Login - Allow only 3 attempts

I am creating a new application..I created a login page successfully..Now I need to modify the login page ..Only 3 attempts only allowed for a user ..If the user wrongly en开发者_如何学Pythonters the password more than 3 times(within 5 min) his account must be blocked..And error message must be shown as You cant access your page ..Please share your ideas...

use a MembershipProvider and in your web.config, in system.web you can configure number of attempts and timeouts. Set maxInvalidPasswordAttempts="3" and passwordAttemptWindow="5" for your requirements.

<membership defaultProvider="MyMembershipProvider">
  <providers>
    <clear/>
    <add name="MyMembershipProvider"
         type="MyMembershipProvider"
         autogenerateschema="true"
         connectionStringName="MyConnectionString"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="3"
         minRequiredPasswordLength="8"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="5"
         passwordStrengthRegularExpression=""
         applicationName="/"  />
  </providers>
</membership>

This will require some configuration, but when configured properly (maybe even with a roleprovider) the default asp.net Login Controls can handle almost everything for you, even a PasswordRecovery and CreateUserWizard. The MembershipProvider will generate all required tables for user registration automatically.

The database can be a mdb file, ms sqlserver or mysql database.

Simply add an int-column to the user-table called FailedLogins. Count it up everytime it he fails and if the counter is bigger then 3 don't allow any logins anymore from that account.

Edit: If you want to reset the tries after a certain amount of time, you'll have to add a datetime-column (f.e. LastFailedLogin) and check if enough time has passed to allow further attempts and/or reset the counter.

You will want to use the Membership.MaxInvalidPasswordAttempts property to track the login attempts.

There is a working code example of displaying error messages here:

http://forums.asp.net/p/1520434/3652047.aspx

How many users are we talking, here? 1? Hundreds?

If there is just one, you could create a static int variable and static DateTime variable. When the program is started, set the int nTries to 0 and DateTime staticDate to Now.

Each time you show the login screen, check that nTries < MAX_TRIES and timeSpan < 5 minutes. If timeSpan is greater than 5 minutes, set nTries to 0 and update staticDate to Now.

If you like reading/writing with text files, you could also easily read/write the number of tries to/from a text file. In that case, you could have one line for each user, if you have a small application with just a few users (avoid the database overhead).

If you have hundreds of users, you'll want to use a database. In that database, you can store each user, his last login attempt time stamp, and the number of tries he has had.

you can use this code for that,

//if login failed
if (session["loginclient"] != null)
{
     if(Convert.ToInt32(session["loginclient"] ) == 3)
          Response.Redirect("Forgetpassword.aspx")
     else
          session["loginclient"] = Convert.ToInt32(session["loginclient"] ) + 1
}
else
{
    session["loginclient"] = 1;
}