ahmed elbarbary

ahmed elbarbary

  • 1.5k
  • 353
  • 13.4k

Are using count login attempt within period by this way is c

Sep 6 2019 10:38 PM
I need to make count login attempt within period but i dont know are this logic is correct or wrong or something missed
if any thing wrong please help me or tell me what is remaining ?
i need to block user when count login attempt failed 
  1. const int MaxNumberOfFailedAttemptsToLogin = 3;  
  2. const int BlockMinutesAfterLimitFailedAttemptsToLogin = 15;  
  3.   
  4. public class Users  
  5.     {  
  6.          
  7.         public DateTime? LastLoginAttemptAt { getset; }  
  8.         public int LoginFailedAttemptsCount { getset; }  
  9.     }  
  10.   
  11. public void CountLoginAttempt(string UserId, string Password,out bool Status)  
  12.         {  
  13.              
  14.             usr.LoginFailedAttemptsCount = 0;  
  15.             usr.LastLoginAttemptAt = DateTime.Now;  
  16.             Status = true;  
  17.              
  18.   
  19.             string getCountLogin = @"select  LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID";  
  20.             DataTable dtgetloginattempt = get result of query getCountLogin  
  21.             if (dtgetloginattempt.Rows.Count > 0)  
  22.             {  
  23.                 usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0]["LoginFailedAttemptsCount"]);  
  24.                 usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0]["LastLoginAttemptAt"]);  
  25.             }  
  26.             if (usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin  
  27.             && usr.LastLoginAttemptAt.HasValue  
  28.             && DateTime.Now < usr.LastLoginAttemptAt.Value.AddMinutes(BlockMinutesAfterLimitFailedAttemptsToLogin))  
  29.             {  
  30.                 // Login is blocked, need to break the process.  
  31.                 // Return error message "Your account was blocked   
  32.                 // for a 15 minutes, please try again later."  
  33.                 Status = false;  
  34.                 return;  
  35.             }  
  36.              
  37.               
  38.              
  39.             var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword);  
  40.             if (!validUserNameAndPassword)  
  41.             {  
  42.                 // Invalid password, need to update the number of attempts.  
  43.        
  44.                 usr.LoginFailedAttemptsCount++;  
  45.                   
  46.   
  47.                   
  48.                 if(usr.LoginFailedAttemptsCount==1)  
  49.                 {  
  50.                     string Sql = @"update Users set LastLoginAttemptAt='" + DateTime.Now.ToString("yyyy/MM/dd HH:mm") + "' , LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";  
  51.                       
  52.                 }  
  53.                 else  
  54.                 {  
  55.                     string Sql = @"update Users set  LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";  
  56.                       
  57.                 }  
  58.                   
  59.                 // Update(login);  
  60.                 // Return error message "Invalid username or password"  
  61.                 return;  
  62.             }  
  63.             else  
  64.             {  
  65.                 usr.LoginFailedAttemptsCount = 0;  
  66.               
  67.                 string Sql = @"update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID ";  
  68.                   
  69.                 Status = true;  
  70.                 // Update(login);  
  71.                 // Success!  
  72.             }  
  73.         }  
Are this logic above is correct to block user when login failed attempt  or have some thing wrong ?