TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
ahmed elbarbary
NA
1.6k
254.8k
Are using count login attempt within period by this way is c
Sep 6 2019 10:38 PM
I need to make count login attempt within period but i dont know are this logic is correct or wrong or something missed
if any thing wrong please help me or tell me what is remaining ?
i need to block user when count login attempt failed
const
int
MaxNumberOfFailedAttemptsToLogin = 3;
const
int
BlockMinutesAfterLimitFailedAttemptsToLogin = 15;
public
class
Users
{
public
DateTime? LastLoginAttemptAt {
get
;
set
; }
public
int
LoginFailedAttemptsCount {
get
;
set
; }
}
public
void
CountLoginAttempt(
string
UserId,
string
Password,
out
bool
Status)
{
usr.LoginFailedAttemptsCount = 0;
usr.LastLoginAttemptAt = DateTime.Now;
Status =
true
;
string
getCountLogin = @
"select LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID"
;
DataTable dtgetloginattempt =
get
result of query getCountLogin
if
(dtgetloginattempt.Rows.Count > 0)
{
usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0][
"LoginFailedAttemptsCount"
]);
usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0][
"LastLoginAttemptAt"
]);
}
if
(usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin
&& usr.LastLoginAttemptAt.HasValue
&& DateTime.Now < usr.LastLoginAttemptAt.Value.AddMinutes(BlockMinutesAfterLimitFailedAttemptsToLogin))
{
// Login is blocked, need to break the process.
// Return error message "Your account was blocked
// for a 15 minutes, please try again later."
Status =
false
;
return
;
}
var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword);
if
(!validUserNameAndPassword)
{
// Invalid password, need to update the number of attempts.
usr.LoginFailedAttemptsCount++;
if
(usr.LoginFailedAttemptsCount==1)
{
string
Sql = @
"update Users set LastLoginAttemptAt='"
+ DateTime.Now.ToString(
"yyyy/MM/dd HH:mm"
) +
"' , LoginFailedAttemptsCount="
+ usr.LoginFailedAttemptsCount +
" where Active = 1 AND UserId = @UserID"
;
}
else
{
string
Sql = @
"update Users set LoginFailedAttemptsCount="
+ usr.LoginFailedAttemptsCount +
" where Active = 1 AND UserId = @UserID"
;
}
// Update(login);
// Return error message "Invalid username or password"
return
;
}
else
{
usr.LoginFailedAttemptsCount = 0;
string
Sql = @
"update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID "
;
Status =
true
;
// Update(login);
// Success!
}
}
Are this logic above is correct to block user when login failed attempt or have some thing wrong ?
Reply
Answers (
0
)
Dedicated Server hosting Win 2012 vs 2016 for ASP.NET
How to add userid to payload when generate access token usin