
Lock User After 3 Attempts in Asp.net using C#, VB.NET with Example


Before implementing this example, first create a table named userinformation in your database, as shown below.


| Column Name | Data Type | Allow Nulls |
|---|---|---|
| userid | int(IDENTITY=TRUE) | No |
| username | varchar(50) | Yes |
| password | varchar(50) | Yes |
| location | varchar(50) | Yes |
| islocked | int | Yes |
| attemptcount | int | Yes |
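Once the table is created, enter some dummy data to test the application; the table will then look like the one shown below. Note that the password column in this sample holds the password exactly as typed and the code compares it directly; a real application would store a salted password hash instead.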



Now open your aspx page and write the markup shown below.


<%-- Login page markup: a username box, a password box, a Login button and a status label. --%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Lock user after 3 attempts in asp.net</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<table>
<tr>
<td>UserName:</td>
<td><asp:TextBox ID="txtUsername" runat="server"/></td>
</tr>
<tr>
<td>Password:</td>
<%-- TextMode="Password" only masks the characters on screen; the value is posted to the server as typed. --%>
<td><asp:TextBox ID="txtPwd" runat="server" TextMode="Password"/></td>
</tr>
<tr>
<td></td>
<%-- The click is wired to btnLogin_Click in the code-behind, which performs the login and lockout checks. --%>
<td><asp:Button ID="btnLogin" runat="server" Text="Login"
onclick="btnLogin_Click" />  </td>
</tr>
<tr>
<%-- lblMsg shows the result message that btnLogin_Click sets (text and colour). --%>
<td colspan="2"><asp:Label ID="lblMsg" runat="server" Font-Bold="true"/> </td>
</tr>
</table>
</div>
</form>
</body>
</html>

After completing the aspx page, add the following namespaces in the code-behind file.

C# Code


using System;
using System.Data.SqlClient;
using System.Data;
using System.Drawing;

After adding the namespaces, write the code shown below.


// Failed-login count that btnLogin_Click works with; it is re-assigned on every click.
int attempts;
// Page_Load handler; empty in this sample, so nothing runs at page load.
protected void Page_Load(object sender, EventArgs e)
{
}
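/// <summary>
/// Handles the Login button: looks up the user by name, refuses accounts that are
/// already locked, verifies the password, and records failed attempts in the
/// userinformation table (attemptcount / islocked).
/// </summary>
/// <remarks>
/// Changes against the original listing:
/// - The lock test is "islocked set OR attemptcount >= 3". The original tested
///   attemptcount == 3 only, never read islocked, and its only statement that set
///   islocked also required the (wrong) password to match, so it updated no rows.
/// - attemptcount and islocked allow NULL in the table; NULL is treated as 0
///   instead of throwing in Convert.ToInt32.
/// - The failed-attempt counter is incremented inside the UPDATE statement, so two
///   simultaneous failures cannot both write the same value.
/// - Commands and the reader are disposed; the redundant con.Close() is gone.
///
/// NOTE(review): the password column is compared as stored plain text. SQL Server
/// string comparison typically ignores case and trailing spaces, so "Secret" and
/// "secret " may both match. Store a salted hash (e.g. PBKDF2) and compare it in
/// application code; that needs a schema change this listing does not include.
/// NOTE(review): "UserName Not Exists" versus the wrong-password message tells a
/// caller which usernames are registered. A single generic failure message avoids that.
/// NOTE(review): a hard lock after three failures lets anyone who knows a username
/// lock that account; a time-limited lock or request throttling limits the impact.
/// NOTE(review): the lock check and the increment are separate statements, so
/// requests sent in parallel can each get a password check before the counter
/// catches up. Serialise per user (transaction with a row lock) if that matters.
/// </remarks>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    const int MaxAttempts = 3;
    string username = txtUsername.Text;
    string password = txtPwd.Text;

    // Every outcome except a successful login is displayed in red.
    lblMsg.ForeColor = Color.Red;

    // The connection string is kept exactly as in the sample; in a real site it belongs in configuration.
    using (SqlConnection con = new SqlConnection("Data Source=Suresh;Integrated Security=true;Initial Catalog=MySampleDB"))
    {
        con.Open();

        // Step 1: load the lockout state. The database row is the only source used for the decision.
        bool userFound = false;
        bool locked = false;
        using (SqlCommand cmd = new SqlCommand("select attemptcount,islocked from userinformation where username=@username", con))
        {
            cmd.Parameters.AddWithValue("@username", username);
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    userFound = true;
                    attempts = reader.IsDBNull(0) ? 0 : reader.GetInt32(0);
                    bool flagged = !reader.IsDBNull(1) && reader.GetInt32(1) != 0;
                    locked = flagged || attempts >= MaxAttempts;
                }
            }
        }

        if (!userFound)
        {
            lblMsg.Text = "UserName Not Exists";
            return;
        }

        if (locked)
        {
            lblMsg.Text = "Your Account Already Locked";
            return;
        }

        // Step 2: verify the password (parameterised, as in the original).
        bool passwordOk;
        using (SqlCommand cmd = new SqlCommand("select count(*) from userinformation where username=@username and password=@password", con))
        {
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@password", password);
            passwordOk = Convert.ToInt32(cmd.ExecuteScalar()) > 0;
        }

        if (passwordOk)
        {
            // Mirrored as the original did; the value is never read back for the lockout decision.
            ViewState["attempts"] = attempts;

            // A successful login clears the failure counter.
            using (SqlCommand cmd = new SqlCommand("update userinformation set attemptcount=0 where username=@username and password=@password", con))
            {
                cmd.Parameters.AddWithValue("@username", username);
                cmd.Parameters.AddWithValue("@password", password);
                cmd.ExecuteNonQuery();
            }

            lblMsg.Text = "Logged in Successfully.";
            lblMsg.ForeColor = Color.Green;
            return;
        }

        // Step 3: wrong password. Increment in the database, set islocked once the limit
        // is reached, and read the new count back in the same batch.
        using (SqlCommand cmd = new SqlCommand(
            "update userinformation set attemptcount=isnull(attemptcount,0)+1, " +
            "islocked=case when isnull(attemptcount,0)+1>=@max then 1 else islocked end " +
            "where username=@username; " +
            "select attemptcount from userinformation where username=@username", con))
        {
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@max", MaxAttempts);
            attempts = Convert.ToInt32(cmd.ExecuteScalar());
        }

        ViewState["attempts"] = attempts;

        if (attempts >= MaxAttempts)
        {
            lblMsg.Text = "Your Account Locked";
        }
        else
        {
            lblMsg.Text = "Your Password Wrong you have only " + (MaxAttempts - attempts) + " attempts";
        }
    }
}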
