Login Form in 3-Tier Architecture With Lock in ASP.Net

Introduction

This article explains in detail how to implement a login form using ASP.NET C# in a three-tier architecture. Along the way it covers several concepts, some new and some familiar, on both the SQL Server stored procedure side and the C# code side.

The following are the features of the Login Forms:

  • Developed in a three-tier architecture
  • Determines whether the username and password exist
  • Maintains a count of incorrect login attempts
  • Locks the password after 4 unsuccessful attempts

I have already explained how to create a registration form in ASP.NET C#. You can check this link.
 
Database design

Database design

Stored Procedure

    Create PROCEDURE [dbo].[usp_LoginVerification]
        @UserId nvarchar(50),
        @Password nvarchar(20),
        @ERROR VARCHAR(100) OUT
    AS
    Begin
        -- Success path: the credentials match and the account is not locked
        If exists (select 1 from MemberRegistration where UserId=@UserId and Password=@Password and IsLocked='0')
        Begin
            -- Reset the failed-attempt counter on a successful login
            update MemberRegistration set WrongLoginAttempt=0,IsLocked='0' Where UserId=@UserId
            set @ERROR=1
            -- First result set: the user's details
            select UserId,FirstName,MiddleName,LastName from MemberRegistration Where UserId=@UserId
        End
        Else
        Begin
            declare @LoginAttempt int;
            -- Count this failed attempt (previous count + 1)
            SET @LoginAttempt = (select WrongLoginAttempt from MemberRegistration where UserId=@UserId) + 1
            update MemberRegistration set WrongLoginAttempt=@LoginAttempt Where UserId=@UserId
            Set @ERROR='You have entered wrong password'
            -- Lock on the 4th failed attempt; comparing the count read before
            -- the increment would not lock until the 5th
            if @LoginAttempt>=4
            Begin
                update MemberRegistration set IsLocked='1' Where UserId=@UserId
                set @ERROR='Your Password is locked'
            End
        End
        -- Last result set: '1' on success, otherwise the error message
        Select @ERROR
    End

The following is the step-by-step procedure for development of the feature-enriched login form in a 3-tier architecture.

Step 1

Design your layered solution as below.

layered

Step 2

Open BELogin.cs and modify the code as below.

    namespace ABMS.BE
    {
        // Business entity that carries login data between the layers
        public class BELogin
        {
            private string userId;
            private string password;

            private string firstName;

            public string FirstName
            {
                get { return firstName; }
                set { firstName = value; }
            }
            private string middleName;

            public string MiddleName
            {
                get { return middleName; }
                set { middleName = value; }
            }
            private string lastName;

            public string LastName
            {
                get { return lastName; }
                set { lastName = value; }
            }
            public string Password
            {
                get { return password; }
                set { password = value; }
            }
            public string UserId
            {
                get { return userId; }
                set { userId = value; }
            }
        }
    }

Step 3

Modify the BL layer BLLogin.cs as below:

    using System.Data;

    namespace ABMS.BL
    {
        // Business layer: forwards the login request to the data layer
        public class BLLogin
        {
            ABMS.DL.DLLogin  objdal = new ABMS.DL.DLLogin();
            BE.BELogin objbeLogin = new BE.BELogin();
            public DataSet UserLogin(BE.BELogin objbeLogin)
            {
                try
                {

                    return objdal.LoginCredential(objbeLogin);
                }
                catch
                {
                    // Rethrow unchanged so the caller sees the original exception
                    throw;
                }
            }
        }
    }

Step 4
 
Modify the DL Layer DLLogin.cs code as below:

    using System.Data.SqlClient;
    using System.Data;

    namespace ABMS.DL
    {
        // Data layer: calls usp_LoginVerification and returns its result sets
        public class DLLogin
        {
            SqlDBHelper sql = new SqlDBHelper();
            public DataSet LoginCredential(BE.BELogin belogin)
            {
                string connectionString = sql.ConnectionString();
                // using blocks close the connection and command even if an exception is thrown
                using (SqlConnection con = new SqlConnection(connectionString))
                using (SqlCommand cmd = new SqlCommand("usp_LoginVerification", con))
                {
                    con.Open();
                    cmd.CommandType = CommandType.StoredProcedure;
                    // Values are passed as parameters, never concatenated into SQL
                    cmd.Parameters.AddWithValue("@UserId", belogin.UserId);
                    cmd.Parameters.AddWithValue("@Password", belogin.Password);
                    // Matches the procedure's declaration: @ERROR VARCHAR(100) OUT
                    cmd.Parameters.Add("@ERROR", SqlDbType.VarChar, 100);
                    cmd.Parameters["@ERROR"].Direction = ParameterDirection.Output;
                    DataSet ds = new DataSet();
                    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
                    {
                        da.Fill(ds);
                    }
                    return ds;
                }
            }
        }
    }

Step 5
 
Design the UI as below:

Design the UI

Step 6
 
Modify the code of the UI Login.aspx.cs as below:

    using System;
    using System.Data;

    namespace ABMS.UI.Account
    {
        public partial class Login : System.Web.UI.Page
        {
            ABMS.BL.BLLogin objBL = new ABMS.BL.BLLogin();
            protected void Page_Load(object sender, EventArgs e)
            {
            }
            protected void btnLogin_Click(object sender, EventArgs e)
            {
                ABMS.BE.BELogin obJBE = new BE.BELogin();
                obJBE.UserId = UserName.Text.Trim();
                obJBE.Password = Password.Text.Trim();
                DataSet ds = objBL.UserLogin(obJBE);
                // One table: login failed and the table holds the error message
                if (ds.Tables.Count == 1)
                {
                    lblErrorMsg.Text = ds.Tables[0].Rows[0][0].ToString();
                }
                // Two tables: user details first, then the "1" success flag
                else if (ds.Tables.Count > 1 && ds.Tables[1].Rows[0][0].ToString() == "1")
                {
                    lblErrorMsg.Text = string.Empty;
                    Session["UserId"] = ds.Tables[0].Rows[0][0].ToString();
                    // Build the display name from the name parts that are present
                    String name=null;
                    if (!string.IsNullOrEmpty( ds.Tables[0].Rows[0][1].ToString()))
                    {
                        name = name + ds.Tables[0].Rows[0][1].ToString();
                    }
                    if (!string.IsNullOrEmpty(ds.Tables[0].Rows[0][2].ToString()))
                    {
                        name = name +" "+ ds.Tables[0].Rows[0][2].ToString();
                    }
                    if (!string.IsNullOrEmpty(ds.Tables[0].Rows[0][3].ToString()))
                    {
                        name = name + " "+ds.Tables[0].Rows[0][3].ToString();
                    }
                    Session["Name"] = name;
                    Response.Redirect("~/Default.aspx");
                }
            }
        }
    }

Step 7
 
Run the application and enter the wrong password multiple times. You will be shown the message below:

message

Step 8
 
After 4 failed attempts, your password will be locked.

Password locked

Conclusion

In this article I have explained how to develop a feature-enriched Login form in a 3-tier architecture in ASP.NET C#.