I need to make count login attempt within period but i dont know are this logic is correct or wrong or something missed if any thing wrong please help me or tell me what is remaining ? i need to block user when count login attempt failed const int MaxNumberOfFailedAttemptsToLogin = 3; const int BlockMinutesAfterLimitFailedAttemptsToLogin = 15; public class Users { public DateTime? LastLoginAttemptAt { get ; set ; } public int LoginFailedAttemptsCount { get ; set ; } } public void CountLoginAttempt( string UserId, string Password, out bool Status) { usr.LoginFailedAttemptsCount = 0; usr.LastLoginAttemptAt = DateTime.Now; Status = true ; string getCountLogin = @ "select LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID" ; DataTable dtgetloginattempt = get result of query getCountLogin if (dtgetloginattempt.Rows.Count > 0) { usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0][ "LoginFailedAttemptsCount" ]); usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0][ "LastLoginAttemptAt" ]); } if (usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin && usr.LastLoginAttemptAt.HasValue && DateTime.Now { // Login is blocked, need to break the process. // Return error message "Your account was blocked // for a 15 minutes, please try again later." Status = false ; return ; } var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword); if (!validUserNameAndPassword) { // Invalid password, need to update the number of attempts. usr.LoginFailedAttemptsCount++; if (usr.LoginFailedAttemptsCount==1) { string Sql = @ "update Users set LastLoginAttemptAt='" + DateTime.Now.ToString( "yyyy/MM/dd HH:mm" ) + "' , LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID" ; } else { string Sql = @ "update Users set LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID" ; } // Update(login); // Return error message "Invalid username or password" return ; } else { usr.LoginFailedAttemptsCount = 0; string Sql = @ "update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID " ; Status = true ; // Update(login); // Success! } } Are this logic above is correct to block user when login failed attempt or have some thing wrong ?

Answer

Are using count login attempt within period by this way is c

ahmed elbarbary

1.3k

I need to make count login attempt within period but i dont know are this logic is correct or wrong or something missed

if any thing wrong please help me or tell me what is remaining ?

i need to block user when count login attempt failed

const int MaxNumberOfFailedAttemptsToLogin = 3;
const int BlockMinutesAfterLimitFailedAttemptsToLogin = 15;
public class Users
{
public DateTime? LastLoginAttemptAt { get; set; }
public int LoginFailedAttemptsCount { get; set; }
}
public void CountLoginAttempt(string UserId, string Password,out bool Status)
{
usr.LoginFailedAttemptsCount = 0;
usr.LastLoginAttemptAt = DateTime.Now;
Status = true;
string getCountLogin = @"select LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID";
DataTable dtgetloginattempt = get result of query getCountLogin
if (dtgetloginattempt.Rows.Count > 0)
{
usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0]["LoginFailedAttemptsCount"]);
usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0]["LastLoginAttemptAt"]);
}
if (usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin
&& usr.LastLoginAttemptAt.HasValue
&& DateTime.Now < usr.LastLoginAttemptAt.Value.AddMinutes(BlockMinutesAfterLimitFailedAttemptsToLogin))
{
// Login is blocked, need to break the process.
// Return error message "Your account was blocked
// for a 15 minutes, please try again later."
Status = false;
return;
}
var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword);
if (!validUserNameAndPassword)
{
// Invalid password, need to update the number of attempts.
usr.LoginFailedAttemptsCount++;
if(usr.LoginFailedAttemptsCount==1)
{
string Sql = @"update Users set LastLoginAttemptAt='" + DateTime.Now.ToString("yyyy/MM/dd HH:mm") + "' , LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
}
else
{
string Sql = @"update Users set LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
}
// Update(login);
// Return error message "Invalid username or password"
return;
}
else
{
usr.LoginFailedAttemptsCount = 0;
string Sql = @"update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID ";
Status = true;
// Update(login);
// Success!
}
}

Are this logic above is correct to block user when login failed attempt or have some thing wrong ?

Next Recommended Forum

Dedicated Server hosting Win 2012 vs 2016 for ASP.NET

How to add userid to payload when generate access token usin

Forum Statistics

Please welcome our newest member ric figueroa.
3,090,971 users have contributed to 147,405 threads and 483,581
In the past 24 hours, we have 2 new threads, 6 new posts, and 163 new users.
In last week, the most popular thread is 'C# - Chapter - How to start a Chapter in Florida, USA'.

Upcoming Events

View all

Are using count login attempt within period by this way is c

Answers (0)