我正在创建一个新的应用程序..我成功创建了一个登录页面..现在我需要修改登录页面..只允许用户进行3次尝试..如果用户错误地输入密码超过3次(5次以内) min)他的帐户必须被屏蔽。并且必须显示错误消息,因为您无法访问您的页面..请分享您的想法...
use a MembershipProvider and in your web.config, in system.web you can configure number of attempts and timeouts. Set maxInvalidPasswordAttempts="3" and passwordAttemptWindow="5" for your requirements.
<membership defaultProvider="MyMembershipProvider">
<providers>
<clear/>
<add name="MyMembershipProvider"
type="MyMembershipProvider"
autogenerateschema="true"
connectionStringName="MyConnectionString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="3"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="5"
passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
This will require some configuration, but when configured properly (maybe even with a roleprovider) the default asp.net Login Controls can handle almost everything for you, even a PasswordRecovery and CreateUserWizard. The MembershipProvider will generate all required tables for user registration automatically.
The database can be a mdb file, ms sqlserver or mysql database.
Simply add an int-column to the user-table called FailedLogins
. Count it up everytime it he fails and if the counter is bigger then 3 don't allow any logins anymore from that account.
Edit: If you want to reset the tries after a certain amount of time, you'll have to add a datetime-column (fe LastFailedLogin
) and check if enough time has passed to allow further attempts and/or reset the counter.
You will want to use the Membership.MaxInvalidPasswordAttempts property to track the login attempts.
There is a working code example of displaying error messages here:
How many users are we talking, here? 1? Hundreds?
If there is just one, you could create a static int variable and static DateTime variable. When the program is started, set the int nTries to 0 and DateTime staticDate to Now.
Each time you show the login screen, check that nTries < MAX_TRIES and timeSpan < 5 minutes. If timeSpan is greater than 5 minutes, set nTries to 0 and update staticDate to Now.
If you like reading/writing with text files, you could also easily read/write the number of tries to/from a text file. In that case, you could have one line for each user, if you have a small application with just a few users (avoid the database overhead).
If you have hundreds of users, you'll want to use a database. In that database, you can store each user, his last login attempt time stamp, and the number of tries he has had.
you can use this code for that,
//if login failed
if (session["loginclient"] != null)
{
if(Convert.ToInt32(session["loginclient"] ) == 3)
Response.Redirect("Forgetpassword.aspx")
else
session["loginclient"] = Convert.ToInt32(session["loginclient"] ) + 1
}
else
{
session["loginclient"] = 1;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.