Introduction:
Here I will explain how to lock or unlock a user account after 3 failed login attempts in asp.net using c# and vb.net, with an example.
Description:
In previous articles I explained gridview examples in asp.net, bind dropdownlist in asp.net gridview using dataset, validate textbox controls inside gridview in asp.net, cascading dropdownlist in gridview using asp.net, change gridview header dynamically in asp.net, delete multiple rows in gridview using checkbox in asp.net, and many other articles relating to gridview, asp.net, c#, vb.net and jQuery. Now I will explain how to lock or unlock a user after 3 attempts in asp.net using c# and vb.net, with an example.
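Before implementing this example, first design a table named userinformation in your database as shown below. Note that this sample keeps the password as plain text in a varchar(50) column to keep the example short; a real application should store a salted password hash instead.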
| Column Name | Data Type | Allow Nulls |
|---|---|---|
| userid | int(IDENTITY=TRUE) | No |
| username | varchar(50) | Yes |
| password | varchar(50) | Yes |
| location | varchar(50) | Yes |
| islocked | int | Yes |
| attemptcount | int | Yes |
Once the table is created in the database, enter some dummy data so that you can test the application.
Now open your aspx page and write the code as shown below.
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Lock user after 3
attempts in asp.net</title>
</head>
<body>
<%-- Login form: txtUsername and txtPwd are posted back to the server and
     handled by btnLogin_Click; lblMsg shows the result of the attempt.
     TextMode="Password" only masks the field on screen. The password is
     still posted as entered, so the page should be served over HTTPS. --%>
<form id="form1"
runat="server">
<div>
<table>
<tr>
<td>UserName:</td>
<td><asp:TextBox ID="txtUsername"
runat="server"/></td>
</tr>
<tr>
<td>Password:</td>
<td><asp:TextBox ID="txtPwd"
runat="server"
TextMode="Password"/></td>
</tr>
<tr>
<td></td>
<td><asp:Button ID="btnLogin"
runat="server"
Text="Login"
onclick="btnLogin_Click" /> </td>
</tr>
<tr>
<%-- Status line written by the code-behind after each login attempt. --%>
<td colspan="2"><asp:Label ID="lblMsg" runat="server" Font-Bold="true"/> </td>
</tr>
</table>
</div>
</form>
</body>
</html>
After completing the aspx page, add the following namespaces in the code-behind file.
C#
Code
using System;
using System.Data.SqlClient;
using System.Data;
using System.Drawing;
After adding the namespaces, write the code as shown below.
// Failed-login count for the account handled by the current request;
// btnLogin_Click assigns it.
private int attempts;

/// <summary>
/// Page load handler. The sample does no work here.
/// </summary>
/// <param name="sender">Object that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e) { }
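/// <summary>
/// Handles the Login button: checks the submitted username and password
/// against the userinformation table, counts consecutive failures in
/// attemptcount, and sets islocked once the limit of three is reached.
/// A successful login resets the counter to zero.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    const int MaxAttempts = 3;

    // NOTE(review): the connection string is hard-coded for the sample. A real
    // application would read it from the connectionStrings section of web.config.
    using (SqlConnection con = new SqlConnection("Data Source=Suresh;Integrated Security=true;Initial Catalog=MySampleDB"))
    {
        con.Open();

        // The failure counter and the lock flag are read from the database on
        // every request. Nothing is taken from ViewState, because that value
        // round-trips through the browser and is not where lockout state belongs.
        bool userExists = false;
        bool locked = false;
        using (SqlCommand lookup = new SqlCommand(
            "select isnull(attemptcount,0), isnull(islocked,0) from userinformation where username=@username", con))
        {
            // Typed parameter matching the varchar(50) column. isnull() above
            // covers the nullable columns, which would otherwise make
            // Convert.ToInt32 throw on DBNull.
            lookup.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text;
            using (SqlDataReader reader = lookup.ExecuteReader())
            {
                if (reader.Read())
                {
                    userExists = true;
                    attempts = reader.GetInt32(0);
                    // >= rather than ==, so a counter that ended up above the
                    // limit (for example after concurrent requests) still counts
                    // as locked. islocked is honoured as well.
                    locked = reader.GetInt32(1) != 0 || attempts >= MaxAttempts;
                }
            }
        }

        if (!userExists)
        {
            // NOTE(review): this message differs from the wrong-password message,
            // so the form reveals which usernames exist. Consider one generic
            // failure message for both cases.
            lblMsg.Text = "UserName Not Exists";
            lblMsg.ForeColor = Color.Red;
            return;
        }

        if (locked)
        {
            // A locked account is rejected before the password is looked at, so
            // further guesses against it learn nothing.
            // NOTE(review): nothing on this page clears islocked or attemptcount
            // for a locked account. An administrator action or a timed expiry is
            // needed, otherwise anyone who knows a username can keep it locked.
            lblMsg.Text = "Your Account Already Locked";
            lblMsg.ForeColor = Color.Red;
            return;
        }

        // NOTE(review): the table holds passwords in plain text and the
        // comparison happens in SQL (possibly case-insensitive, depending on the
        // column collation). Store a salted, slow hash such as PBKDF2
        // (Rfc2898DeriveBytes) and verify it in code instead.
        bool passwordMatches;
        using (SqlCommand verify = new SqlCommand(
            "select count(*) from userinformation where username=@username and password=@password", con))
        {
            verify.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text;
            verify.Parameters.Add("@password", SqlDbType.VarChar, 50).Value = txtPwd.Text;
            passwordMatches = Convert.ToInt32(verify.ExecuteScalar()) > 0;
        }

        if (passwordMatches)
        {
            // Successful login clears the failure counter.
            using (SqlCommand reset = new SqlCommand(
                "update userinformation set attemptcount=0 where username=@username", con))
            {
                reset.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text;
                reset.ExecuteNonQuery();
            }

            attempts = 0;
            lblMsg.Text = "Logged in Successfully.";
            lblMsg.ForeColor = Color.Green;
            return;
        }

        // Wrong password: increment the counter inside the UPDATE itself, so two
        // simultaneous failures cannot both write the same value, and set
        // islocked in the same statement when the limit is reached. The update is
        // keyed on username only; a WHERE clause that also required the (wrong)
        // password would never match a row. The SELECT returns the new count.
        using (SqlCommand fail = new SqlCommand(
            "update userinformation set " +
            "islocked = case when isnull(attemptcount,0) + 1 >= @max then 1 else islocked end, " +
            "attemptcount = isnull(attemptcount,0) + 1 " +
            "where username=@username; " +
            "select isnull(attemptcount,0) from userinformation where username=@username", con))
        {
            fail.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text;
            fail.Parameters.Add("@max", SqlDbType.Int).Value = MaxAttempts;
            attempts = Convert.ToInt32(fail.ExecuteScalar());
        }

        if (attempts >= MaxAttempts)
        {
            lblMsg.Text = "Your Account Locked";
        }
        else
        {
            lblMsg.Text = "Your Password Wrong you have only " + (MaxAttempts - attempts) + " attempts";
        }
        lblMsg.ForeColor = Color.Red;
    }
}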
VB.NET
Code
Imports System.Data.SqlClient
Imports System.Data
Imports System.Drawing
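''' <summary>
''' Code-behind for the login page: checks credentials against the
''' userinformation table and locks the account after three failed attempts.
''' </summary>
Partial Class VBCode
    Inherits System.Web.UI.Page

    ' Failed-login count for the account handled by the current request;
    ' btnLogin_Click assigns it.
    Private attempts As Integer

    ''' <summary>Page load handler. The sample does no work here.</summary>
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    End Sub

    ''' <summary>
    ''' Handles the Login button: checks the submitted username and password,
    ''' counts consecutive failures in attemptcount, and sets islocked once the
    ''' limit of three is reached. A successful login resets the counter to zero.
    ''' </summary>
    ''' <param name="sender">The button that raised the event (unused).</param>
    ''' <param name="e">Event data (unused).</param>
    Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs)
        Const MaxAttempts As Integer = 3

        ' NOTE(review): the connection string is hard-coded for the sample. A real
        ' application would read it from the connectionStrings section of web.config.
        Using con As New SqlConnection("Data Source=Suresh;Integrated Security=true;Initial Catalog=MySampleDB")
            con.Open()

            ' The failure counter and the lock flag are read from the database on
            ' every request. Nothing is taken from ViewState, because that value
            ' round-trips through the browser and is not where lockout state belongs.
            Dim userExists As Boolean = False
            Dim locked As Boolean = False
            Using lookup As New SqlCommand( _
                "select isnull(attemptcount,0), isnull(islocked,0) from userinformation where username=@username", con)
                ' Typed parameter matching the varchar(50) column. isnull() above
                ' covers the nullable columns, which would otherwise make
                ' Convert.ToInt32 throw on DBNull.
                lookup.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text
                Using reader As SqlDataReader = lookup.ExecuteReader()
                    If reader.Read() Then
                        userExists = True
                        attempts = reader.GetInt32(0)
                        ' >= rather than =, so a counter that ended up above the
                        ' limit still counts as locked. islocked is honoured as well.
                        locked = reader.GetInt32(1) <> 0 OrElse attempts >= MaxAttempts
                    End If
                End Using
            End Using

            If Not userExists Then
                ' NOTE(review): this message differs from the wrong-password message,
                ' so the form reveals which usernames exist. Consider one generic
                ' failure message for both cases.
                lblMsg.Text = "UserName Not Exists"
                lblMsg.ForeColor = Color.Red
                Return
            End If

            If locked Then
                ' A locked account is rejected before the password is looked at.
                ' NOTE(review): nothing on this page clears islocked or attemptcount
                ' for a locked account. An administrator action or a timed expiry is
                ' needed, otherwise anyone who knows a username can keep it locked.
                lblMsg.Text = "Your Account Already Locked"
                lblMsg.ForeColor = Color.Red
                Return
            End If

            ' NOTE(review): the table holds passwords in plain text and the
            ' comparison happens in SQL (possibly case-insensitive, depending on the
            ' column collation). Store a salted, slow hash such as PBKDF2
            ' (Rfc2898DeriveBytes) and verify it in code instead.
            Dim passwordMatches As Boolean
            Using verify As New SqlCommand( _
                "select count(*) from userinformation where username=@username and password=@password", con)
                verify.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text
                verify.Parameters.Add("@password", SqlDbType.VarChar, 50).Value = txtPwd.Text
                passwordMatches = Convert.ToInt32(verify.ExecuteScalar()) > 0
            End Using

            If passwordMatches Then
                ' Successful login clears the failure counter.
                Using reset As New SqlCommand( _
                    "update userinformation set attemptcount=0 where username=@username", con)
                    reset.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text
                    reset.ExecuteNonQuery()
                End Using

                attempts = 0
                lblMsg.Text = "Logged in Successfully."
                lblMsg.ForeColor = Color.Green
                Return
            End If

            ' Wrong password: increment the counter inside the UPDATE itself, so two
            ' simultaneous failures cannot both write the same value, and set
            ' islocked in the same statement when the limit is reached. The update is
            ' keyed on username only; a WHERE clause that also required the (wrong)
            ' password would never match a row. The SELECT returns the new count.
            Using fail As New SqlCommand( _
                "update userinformation set " & _
                "islocked = case when isnull(attemptcount,0) + 1 >= @max then 1 else islocked end, " & _
                "attemptcount = isnull(attemptcount,0) + 1 " & _
                "where username=@username; " & _
                "select isnull(attemptcount,0) from userinformation where username=@username", con)
                fail.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = txtUsername.Text
                fail.Parameters.Add("@max", SqlDbType.Int).Value = MaxAttempts
                attempts = Convert.ToInt32(fail.ExecuteScalar())
            End Using

            If attempts >= MaxAttempts Then
                lblMsg.Text = "Your Account Locked"
            Else
                lblMsg.Text = "Your Password Wrong you have only " & (MaxAttempts - attempts) & " attempts"
            End If
            lblMsg.ForeColor = Color.Red
        End Using
    End Sub
End Class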
4 comments :
I think for marking attempt count you should use username only since we are marking wrong attempt for invalid password so there is no need to pass password in below query.
select userid,attemptcount from userinformation where username=@username and password=@password
as this will never get that information
After two failure attempts 3rd time if user enter correct username and password we need to validate with both username and password that's the reason second time we are checking with username and password...
Hey Suresh,
In this tutorial you have only explain that how Lock User After 3 Attempts . But you have not explained that how to unlock the locked user . Please could you explain the code for unlocked user .
Thanks Regards ,
ROHIN SHARMA
Please explain how to unlock the locked user . Please could you explain the code for unlocked user .