ASP.NET : Lock user for day after 3 invalid login attempt - Free Asp.Net,MVC,AngularJs,Jquery,Javascript,Sql Server,WCF,Entity framework snippets and tutorial

ASP.NET : Lock user for day after 3 invalid login attempt

In this article I am going to explain how to lock the user for day after 3 invalid login attempt in asp.net.

Description:
I want to lock the users for a day after 3 invalid login attempt. For example if user try to login on 25 November with 3 wrong password attempt, he/she will be locked for 25 November. He/she can’t login even enter correct password. He will be able to login on 26 November.  

Implementation:
I have created a table user_login


ASP.NET : Lock user for  day after 3 invalid login attempt


Create store to validate users:

Create PROCEDURE [UserLogin]
(@UserName VARCHAR(50),
@Password VARCHAR(50)
)
AS
BEGIN
declare @todaydate date =getdate()
declare @attempt int
declare @dateadd date
declare @output varchar(20)
set @dateadd= (select Logindate from dbo.user_login where Username=@UserName)
set @attempt = (select FailedAttempt from dbo.user_login WHERE UserName = @UserName)       
if(@todaydate = @dateadd)
IF EXISTS(SELECT UserName FROM user_login WHERE UserName = @UserName AND pwd = @Password and Is_Locked=0 AND (ISNULL(FailedAttempt, 0) < 3))
    BEGIN
    UPDATE user_login
        SET
        Logindate = GETDATE()
        WHERE UserName = @UserName
        set @output ='Success'
select @output as 'Users'
    END   
     ELSE IF not exists(SELECT UserName FROM user_login WHERE UserName = @UserName)
  begin
    set @output ='not exist'
select @output as 'Users'
  end
  ELSE
    BEGIN
        IF (SELECT ISNULL(FailedAttempt, 0) FROM user_login WHERE UserName = @UserName) < 3
        BEGIN
            UPDATE user_login
            SET FailedAttempt = ISNULL(FailedAttempt, 0) + 1,            
            Logindate = GETDATE()
            WHERE UserName = @UserName
             set @output ='Fail'
select @output as 'Users'
        END       
        else
begin
UPDATE user_login SET Is_Locked=1 WHERE UserName = @UserName
 set @output ='Locked'
select @output as 'Users'
end
end
else
begin
if(@todaydate > @dateadd)
 UPDATE user_login SET FailedAttempt = 0, Is_Locked=0 WHERE UserName = @UserName
IF EXISTS(SELECT UserName FROM user_login WHERE UserName = @UserName AND pwd = @Password and Is_Locked=0 AND (ISNULL(FailedAttempt, 0) < 3))
    BEGIN
    UPDATE user_login
        SET FailedAttempt = NULL,      
        Logindate = GETDATE()
        WHERE UserName = @UserName
        set @output ='Success'
select @output as 'Users'
    END
     ELSE IF not exists(SELECT UserName FROM user_login WHERE UserName = @UserName)
  begin
    set @output ='not exist'
select @output as 'Users'
  end
    ELSE
    BEGIN
        IF (SELECT ISNULL(FailedAttempt, 0) FROM user_login WHERE UserName = @UserName) < 3
        BEGIN
            UPDATE user_login
            SET FailedAttempt = ISNULL(FailedAttempt, 0) + 1,
            Logindate = GETDATE()
            WHERE UserName = @UserName
             set @output ='Fail'
select @output as 'Users'
 END
        else
begin
UPDATE user_login SET Is_Locked=1 WHERE UserName = @UserName
 set @output ='Locked'
select @output as 'Users'
end
end
end
END

Now add a webform to project.
Complete HTML Markup of webform:

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Lock users</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
     <fieldset style="width:20%">
            <legend>Login</legend>
      
        <table>
            <tr>
                <td>Username :</td>
                <td>  <asp:TextBox ID="txtusername" runat="server"></asp:TextBox></td>
            </tr>
            <tr>
                <td>Password :</td>
                <td> <asp:TextBox ID="txtpassword" TextMode="Password" runat="server"></asp:TextBox></td>
            </tr>
            <tr>
                <td></td>
                <td><asp:Button ID="Button1" runat="server" Text="Login" />
                    <asp:Button ID="btncancel" runat="server" Text="Cancel"/></td>
            </tr>
        </table>
    </fieldset>
    </div>
    </form>
</body>
</html>

Add namespace

C# Code :
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

VB.Net Code :
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

On login button click write the below given code:
C# Code :

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ToString());
protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            SqlDataAdapter adp = new SqlDataAdapter("UserLogin", con);
            adp.SelectCommand.CommandType = CommandType.StoredProcedure;
            adp.SelectCommand.Parameters.AddWithValue("@UserName", txtusername.Text);
            adp.SelectCommand.Parameters.AddWithValue("@Password", txtpassword.Text);
            DataTable dt = new DataTable();
            adp.Fill(dt);
            string login = dt.Rows[0]["Users"].ToString();
            if (login == "Success")
            {               
                Messagebox("Login Successfully");
                Response.Redirect("dashboard.aspx");
            }
            else if (login == "Fail")
            {
                Messagebox("Login failed !!! Check username & password");
            }
            else if (login == "not exist")
            {
                Messagebox("User not exist !!! Check username & password");
            }
            else
            {
                Messagebox("You are Locked for today. Please come tomorrow & login");
            }
        }
            catch(Exception ex){}
        }
    private void Messagebox(string Message)
    {
        Label lblMessageBox = new Label();
        lblMessageBox.Text =
            "<script language='javascript'>" + Environment.NewLine +
            "window.alert('" + Message + "')</script>";
        Page.Controls.Add(lblMessageBox);
    }

    protected void btncancel_Click(object sender, EventArgs e)
    {
        txtusername.Text = "";
        txtpassword.Text = "";
    }

VB.Net Code :

Private con As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("connection").ToString())

    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Try
            Dim adp As SqlDataAdapter = New SqlDataAdapter("UserLogin", con)
            adp.SelectCommand.CommandType = CommandType.StoredProcedure
            adp.SelectCommand.Parameters.AddWithValue("@UserName", txtusername.Text)
            adp.SelectCommand.Parameters.AddWithValue("@Password", txtpassword.Text)
            Dim dt As DataTable = New DataTable()
            adp.Fill(dt)
            Dim login As String = dt.Rows(0)("Users").ToString()
            If login = "Success" Then
                Messagebox("Login Successfully")
                Response.Redirect("dashboard.aspx")
            ElseIf login = "Fail" Then
                Messagebox("Login failed !!! Check username & password")
            ElseIf login = "not exist" Then
                Messagebox("User not exist !!! Check username & password")
            Else
                Messagebox("You are Locked for today. Please come tomorrow & login")
            End If
        Catch ex As Exception
        End Try
    End Sub
    Private Sub Messagebox(ByVal Message As String)
        Dim lblMessageBox As Label = New Label()
        lblMessageBox.Text = "<script language='javascript'>" & Environment.NewLine & "window.alert('" & Message & "')</script>"
        Page.Controls.Add(lblMessageBox)
    End Sub

    Protected Sub btncancel_Click(sender As Object, e As EventArgs) Handles btncancel.Click
        txtusername.Text = ""
        txtpassword.Text = ""
    End Sub


What do you think about this article?

If you found this article useful, please share and follow on Facebook, Twitter, Google Plus and other social media websites. To get free updates subscribe to newsletter. Please put your thoughts and feedback in comments section.

Share this

Share on FacebookTweet on TwitterPlus on Google+


EmoticonEmoticon