I need to make count login attempt within period but i dont know are this logic is correct or wrong or something missed
if any thing wrong please help me or tell me what is remaining ?
i need to block user when count login attempt failed
- const int MaxNumberOfFailedAttemptsToLogin = 3;
- const int BlockMinutesAfterLimitFailedAttemptsToLogin = 15;
-
- public class Users
- {
-
- public DateTime? LastLoginAttemptAt { get; set; }
- public int LoginFailedAttemptsCount { get; set; }
- }
-
- public void CountLoginAttempt(string UserId, string Password,out bool Status)
- {
-
- usr.LoginFailedAttemptsCount = 0;
- usr.LastLoginAttemptAt = DateTime.Now;
- Status = true;
-
-
- string getCountLogin = @"select LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID";
- DataTable dtgetloginattempt = get result of query getCountLogin
- if (dtgetloginattempt.Rows.Count > 0)
- {
- usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0]["LoginFailedAttemptsCount"]);
- usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0]["LastLoginAttemptAt"]);
- }
- if (usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin
- && usr.LastLoginAttemptAt.HasValue
- && DateTime.Now < usr.LastLoginAttemptAt.Value.AddMinutes(BlockMinutesAfterLimitFailedAttemptsToLogin))
- {
-
-
-
- Status = false;
- return;
- }
-
-
-
- var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword);
- if (!validUserNameAndPassword)
- {
-
-
- usr.LoginFailedAttemptsCount++;
-
-
-
- if(usr.LoginFailedAttemptsCount==1)
- {
- string Sql = @"update Users set LastLoginAttemptAt='" + DateTime.Now.ToString("yyyy/MM/dd HH:mm") + "' , LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
-
- }
- else
- {
- string Sql = @"update Users set LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
-
- }
-
-
-
- return;
- }
- else
- {
- usr.LoginFailedAttemptsCount = 0;
-
- string Sql = @"update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID ";
-
- Status = true;
-
-
- }
- }
Are this logic above is correct to block user when login failed attempt or have some thing wrong ?