Login - Allow only 3 attempts

Question

我正在创建一个新的应用程序..我成功创建了一个登录页面..现在我需要修改登录页面..只允许用户进行3次尝试..如果用户错误地输入密码超过3次（5次以内） min）他的帐户必须被屏蔽。并且必须显示错误消息，因为您无法访问您的页面..请分享您的想法...

Answer 1

use a MembershipProvider and in your web.config, in system.web you can configure number of attempts and timeouts. Set maxInvalidPasswordAttempts="3" and passwordAttemptWindow="5" for your requirements.

<membership defaultProvider="MyMembershipProvider">
  <providers>
    <clear/>
    <add name="MyMembershipProvider"
         type="MyMembershipProvider"
         autogenerateschema="true"
         connectionStringName="MyConnectionString"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="3"
         minRequiredPasswordLength="8"
         minRequiredNonalphanumericCharacters="1"
         passwordAttemptWindow="5"
         passwordStrengthRegularExpression=""
         applicationName="/"  />
  </providers>
</membership>

This will require some configuration, but when configured properly (maybe even with a roleprovider) the default asp.net Login Controls can handle almost everything for you, even a PasswordRecovery and CreateUserWizard. The MembershipProvider will generate all required tables for user registration automatically.

The database can be a mdb file, ms sqlserver or mysql database.

Answer 2

Simply add an int-column to the user-table called FailedLogins . Count it up everytime it he fails and if the counter is bigger then 3 don't allow any logins anymore from that account.

Edit: If you want to reset the tries after a certain amount of time, you'll have to add a datetime-column (fe LastFailedLogin ) and check if enough time has passed to allow further attempts and/or reset the counter.

Answer 3

You will want to use the Membership.MaxInvalidPasswordAttempts property to track the login attempts.

There is a working code example of displaying error messages here:

http://forums.asp.net/p/1520434/3652047.aspx

Answer 4

How many users are we talking, here? 1? Hundreds?

If there is just one, you could create a static int variable and static DateTime variable. When the program is started, set the int nTries to 0 and DateTime staticDate to Now.

Each time you show the login screen, check that nTries < MAX_TRIES and timeSpan < 5 minutes. If timeSpan is greater than 5 minutes, set nTries to 0 and update staticDate to Now.

If you like reading/writing with text files, you could also easily read/write the number of tries to/from a text file. In that case, you could have one line for each user, if you have a small application with just a few users (avoid the database overhead).

If you have hundreds of users, you'll want to use a database. In that database, you can store each user, his last login attempt time stamp, and the number of tries he has had.

Answer 5

you can use this code for that,

//if login failed
if (session["loginclient"] != null)
{
     if(Convert.ToInt32(session["loginclient"] ) == 3)
          Response.Redirect("Forgetpassword.aspx")
     else
          session["loginclient"] = Convert.ToInt32(session["loginclient"] ) + 1
}
else
{
    session["loginclient"] = 1;
}