
Lock User After 3 Attempts in Asp.net using C#, VB.NET with Example

Apr 17, 2015
Introduction

Here I will explain how to lock a user account after 3 failed login attempts in ASP.NET using C# and VB.NET, with an example. The example covers locking only; the code shown does not include a way to unlock an account once it is locked.


Before implementing this example, first create a table named userinformation in your database as shown below.

| Column Name | Data Type | Allow Nulls |
|---|---|---|
| userid | int(IDENTITY=TRUE) | No |
| username | varchar(50) | Yes |
| password | varchar(50) | Yes |
| location | varchar(50) | Yes |
| islocked | int | Yes |
| attemptcount | int | Yes |
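Once the table is created, enter some dummy data to test the application; after you enter it, the table will look like the one shown below. Note that the password column in this sample holds the password as plain text, which is suitable only for a demo; a real application should store a salted password hash instead.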



Now open your aspx page and write the code as shown below.


<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Lock user after 3 attempts in asp.net</title>
</head>
<body>
<%-- Login form. The credentials are posted back to the server, so the page should be served over HTTPS. --%>
<form id="form1" runat="server">
<div>
<table>
<tr>
<td>UserName:</td>
<td><asp:TextBox ID="txtUsername" runat="server"/></td>
</tr>
<tr>
<td>Password:</td>
<%-- TextMode="Password" masks the typed characters on screen; it does not protect the value in transit. --%>
<td><asp:TextBox ID="txtPwd" runat="server" TextMode="Password"/></td>
</tr>
<tr>
<td></td>
<%-- The click is handled by btnLogin_Click in the code-behind, which checks the credentials and the attempt counter. --%>
<td><asp:Button ID="btnLogin" runat="server" Text="Login"
onclick="btnLogin_Click" />  </td>
</tr>
<tr>
<%-- Status line: the code-behind writes the success, failure or locked message here. --%>
<td colspan="2"><asp:Label ID="lblMsg" runat="server" Font-Bold="true"/> </td>
</tr>
</table>
</div>
</form>
</body>
</html>

After completing the aspx page, add the following namespaces in the code-behind.

C# Code


using System;
using System.Data.SqlClient;
using System.Data;
using System.Drawing;

After adding the namespaces, write the code as shown below.


// Failed-login counter for the account being checked; btnLogin_Click assigns it on each click.
private int attempts;

/// <summary>
/// Page load handler. The example does no work here; all logic lives in btnLogin_Click.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Intentionally empty.
}
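/// <summary>
/// Handles the Login button: looks the user up, refuses locked accounts, checks the
/// password, and counts failed attempts, locking the account at the third failure.
/// </summary>
/// <remarks>
/// The attempt counter in the database is the only source of truth. The counter is
/// changed with single UPDATE statements so that parallel requests cannot read the same
/// value and each get an extra guess.
///
/// NOTE(review): the password is stored and compared as plain text. A real application
/// should store a salted, slow password hash (for example PBKDF2) and verify against it.
/// NOTE(review): the comparison is done by SQL Server, so the column collation decides
/// whether it is case sensitive - confirm the collation of the password column.
/// NOTE(review): "UserName Not Exists" and the wrong-password message let a visitor tell
/// valid usernames from invalid ones; a single generic failure message avoids that.
/// NOTE(review): a permanent lock lets anyone who knows a username lock that account;
/// consider a time-limited lock or request throttling, plus an administrator unlock path.
/// </remarks>
/// <param name="sender">The button raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // Number of failed logins after which the account is locked.
    const int maxAttempts = 3;

    using (SqlConnection con = new SqlConnection("Data Source=Suresh;Integrated Security=true;Initial Catalog=MySampleDB"))
    {
        con.Open();

        bool locked;
        using (SqlCommand lookup = new SqlCommand("select attemptcount,islocked from userinformation where username=@username", con))
        {
            lookup.Parameters.AddWithValue("@username", txtUsername.Text);
            using (var row = lookup.ExecuteReader())
            {
                if (!row.Read())
                {
                    lblMsg.Text = "UserName Not Exists";
                    lblMsg.ForeColor = Color.Red;
                    return;
                }

                // Both columns allow NULL; treat NULL as "no failures" / "not locked"
                // instead of letting Convert.ToInt32 throw on DBNull.
                attempts = row.IsDBNull(0) ? 0 : Convert.ToInt32(row[0]);
                locked = attempts >= maxAttempts
                    || (!row.IsDBNull(1) && Convert.ToInt32(row[1]) == 1);
            }
        }

        if (locked)
        {
            lblMsg.Text = "Your Account Already Locked";
            lblMsg.ForeColor = Color.Red;
            return;
        }

        // Success path: reset the counter only when the password matches AND the account
        // is still unlocked at the moment of the update. One statement, so no race.
        int matched;
        using (SqlCommand verify = new SqlCommand(
            "update userinformation set attemptcount=0 " +
            "where username=@username and password=@password " +
            "and isnull(attemptcount,0)<@max and isnull(islocked,0)<>1", con))
        {
            verify.Parameters.AddWithValue("@username", txtUsername.Text);
            verify.Parameters.AddWithValue("@password", txtPwd.Text);
            verify.Parameters.AddWithValue("@max", maxAttempts);
            matched = verify.ExecuteNonQuery();
        }

        if (matched > 0)
        {
            // Kept for compatibility with the page state; never used for the lock decision.
            ViewState["attempts"] = attempts;
            lblMsg.Text = "Logged in Successfully.";
            lblMsg.ForeColor = Color.Green;
            return;
        }

        // Failure path: increment in the database and set islocked in the same statement
        // when the limit is reached. OUTPUT returns the new count.
        // (OUTPUT without INTO requires that the table has no enabled UPDATE trigger.)
        object updated;
        using (SqlCommand fail = new SqlCommand(
            "update userinformation set attemptcount=isnull(attemptcount,0)+1, " +
            "islocked=case when isnull(attemptcount,0)+1>=@max then 1 else islocked end " +
            "output inserted.attemptcount " +
            "where username=@username and isnull(attemptcount,0)<@max and isnull(islocked,0)<>1", con))
        {
            fail.Parameters.AddWithValue("@username", txtUsername.Text);
            fail.Parameters.AddWithValue("@max", maxAttempts);
            updated = fail.ExecuteScalar();
        }

        if (updated == null || updated == DBNull.Value)
        {
            // No row was updated: another request locked the account in the meantime.
            lblMsg.Text = "Your Account Already Locked";
        }
        else
        {
            attempts = Convert.ToInt32(updated);
            ViewState["attempts"] = attempts;
            if (attempts >= maxAttempts)
            {
                lblMsg.Text = "Your Account Locked";
            }
            else
            {
                lblMsg.Text = "Your Password Wrong you have only " + (maxAttempts - attempts) + " attempts";
            }
        }
        lblMsg.ForeColor = Color.Red;
    }
}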
VB.NET Code


Imports System.Data.SqlClient
Imports System.Data
Imports System.Drawing
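Partial Class VBCode
    Inherits System.Web.UI.Page

    ' Failed-login counter for the account being checked; btnLogin_Click assigns it on each click.
    Private attempts As Integer

    ''' <summary>
    ''' Page load handler. The example does no work here.
    ''' </summary>
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    End Sub

    ''' <summary>
    ''' Handles the Login button: looks the user up, refuses locked accounts, checks the
    ''' password, and counts failed attempts, locking the account at the third failure.
    ''' </summary>
    ''' <remarks>
    ''' The attempt counter in the database is the only source of truth. The counter is
    ''' changed with single UPDATE statements so that parallel requests cannot read the
    ''' same value and each get an extra guess.
    '''
    ''' NOTE(review): the password is stored and compared as plain text. A real application
    ''' should store a salted, slow password hash (for example PBKDF2) and verify against it.
    ''' NOTE(review): the comparison is done by SQL Server, so the column collation decides
    ''' whether it is case sensitive - confirm the collation of the password column.
    ''' NOTE(review): "UserName Not Exists" and the wrong-password message let a visitor tell
    ''' valid usernames from invalid ones; a single generic failure message avoids that.
    ''' NOTE(review): a permanent lock lets anyone who knows a username lock that account;
    ''' consider a time-limited lock or request throttling, plus an administrator unlock path.
    ''' </remarks>
    Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs)
        ' Number of failed logins after which the account is locked.
        Const MaxAttempts As Integer = 3

        Using con As New SqlConnection("Data Source=Suresh;Integrated Security=true;Initial Catalog=MySampleDB")
            con.Open()

            Dim locked As Boolean
            Using lookup As New SqlCommand("select attemptcount,islocked from userinformation where username=@username", con)
                lookup.Parameters.AddWithValue("@username", txtUsername.Text)
                Using row As SqlDataReader = lookup.ExecuteReader()
                    If Not row.Read() Then
                        lblMsg.Text = "UserName Not Exists"
                        lblMsg.ForeColor = Color.Red
                        Return
                    End If

                    ' Both columns allow NULL; treat NULL as "no failures" / "not locked"
                    ' instead of letting Convert.ToInt32 throw on DBNull.
                    attempts = If(row.IsDBNull(0), 0, Convert.ToInt32(row(0)))
                    locked = attempts >= MaxAttempts OrElse _
                        (Not row.IsDBNull(1) AndAlso Convert.ToInt32(row(1)) = 1)
                End Using
            End Using

            If locked Then
                lblMsg.Text = "Your Account Already Locked"
                lblMsg.ForeColor = Color.Red
                Return
            End If

            ' Success path: reset the counter only when the password matches AND the account
            ' is still unlocked at the moment of the update. One statement, so no race.
            Dim matched As Integer
            Using verify As New SqlCommand( _
                "update userinformation set attemptcount=0 " & _
                "where username=@username and password=@password " & _
                "and isnull(attemptcount,0)<@max and isnull(islocked,0)<>1", con)
                verify.Parameters.AddWithValue("@username", txtUsername.Text)
                verify.Parameters.AddWithValue("@password", txtPwd.Text)
                verify.Parameters.AddWithValue("@max", MaxAttempts)
                matched = verify.ExecuteNonQuery()
            End Using

            If matched > 0 Then
                ' Kept for compatibility with the page state; never used for the lock decision.
                ViewState("attempts") = attempts
                lblMsg.Text = "Logged in Successfully."
                lblMsg.ForeColor = Color.Green
                Return
            End If

            ' Failure path: increment in the database and set islocked in the same statement
            ' when the limit is reached. OUTPUT returns the new count.
            ' (OUTPUT without INTO requires that the table has no enabled UPDATE trigger.)
            Dim updated As Object
            Using fail As New SqlCommand( _
                "update userinformation set attemptcount=isnull(attemptcount,0)+1, " & _
                "islocked=case when isnull(attemptcount,0)+1>=@max then 1 else islocked end " & _
                "output inserted.attemptcount " & _
                "where username=@username and isnull(attemptcount,0)<@max and isnull(islocked,0)<>1", con)
                fail.Parameters.AddWithValue("@username", txtUsername.Text)
                fail.Parameters.AddWithValue("@max", MaxAttempts)
                updated = fail.ExecuteScalar()
            End Using

            If updated Is Nothing OrElse updated Is DBNull.Value Then
                ' No row was updated: another request locked the account in the meantime.
                lblMsg.Text = "Your Account Already Locked"
            Else
                attempts = Convert.ToInt32(updated)
                ViewState("attempts") = attempts
                If attempts >= MaxAttempts Then
                    lblMsg.Text = "Your Account Locked"
                Else
                    lblMsg.Text = "Your Password Wrong you have only " & (MaxAttempts - attempts) & " attempts"
                End If
            End If
            lblMsg.ForeColor = Color.Red
        End Using
    End Sub
End Class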

Demo

Download Sample Code Attached





4 comments :

Anand Manmohan Bohra said...

I think for marking attempt count you should use username only since we are marking wrong attempt for invalid password so there is no need to pass password in below query.
select userid,attemptcount from userinformation where username=@username and password=@password

as this will never get that information

Suresh Dasari said...

After two failure attempts 3rd time if user enter correct username and password we need to validate with both username and password that's the reason second time we are checking with username and password...

ROHIN SHARMA said...

Hey Suresh,
In this tutorial you have only explain that how Lock User After 3 Attempts . But you have not explained that how to unlock the locked user . Please could you explain the code for unlocked user .





Thanks Regards ,
ROHIN SHARMA

Unknown said...

Please explain how to unlock the locked user . Please could you explain the code for unlocked user .


© 2015 Aspdotnet-Suresh.com. All Rights Reserved.
The content is copyrighted to Suresh Dasari and may not be reproduced on other websites without permission from the owner.