You must Sign In to post a response.
  • Category: ASP.NET

    Check the failed login attempts and prevent the user from login

    I have used authentication of forms in my site and what now i want is to check the failed login attempts of user.If the failed login attempt is more than 3 times then i have to block the user from using the site.How we can achieve this.
  • #651457
    Add a column

    TotalAttempts INT DEFAULT 0


    When the user enters the creadential and sign in, you may handle it in the Stored Procedure, where if the login fails then Update the TotalAttemps with TotalAttemps + 1

    SO your Procedure should be something like


    CREATE PROC dbo.CheckLogin
    (
    @UserName VARCHAR(100)
    , @Password VARCHAR(100)
    )
    AS
    BEGIN
    IF NOT EXISTS(SELECT UserName FROM [UserLogin] WHERE UserName = @UserName AND TotalAttempts = 3)
    BEGIN
    SELECT 'Your Login has been blocked because of three consecutive failed attempts' AS [Message]
    RETURN
    END
    ELSE
    BEGIN
    IF EXISTS(SELECT UserName FROM [UserLogin] WHERE UserName = @UserName AND Password = @Password)
    BEGIN
    UPDATE [userLogin] SET TotalAttempts = 0 WHERE UserName = @UserName AND Password = @Password
    END
    ELSE
    BEGIN
    UPDATE [userLogin] SET TotalAttempts = TotalAttempts + 1
    WHERE UserName = @UserName AND Password = @Password
    END
    END
    END

    Please mark this as Answer, if this helps

    Regards,
    Alwyn Duraisingh.M 
    << Database Administrator >>
    Jesus saves! The rest of us better make backups...

  • #651461
    store the user attempts in session variable and check that variable value.


  • This thread is locked for new responses. Please post your comments and questions as a separate thread.
    If required, refer to the URL of this page in your new post.