This article will show you how you can deactivate user account after 3 consecutive failed login attempts in asp.net using c#. This validation will take from sql server database.
So for this article first we will create the user table in sql database.
After this we will create a new application in asp.net and add create a login form.
<table width="100%">
<tr>
<td style="text-align: right;">User Id</td>
<td style="text-align: right;">
<asp:TextBox ID="txtUSerId" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td style="text-align: right;">Password</td>
<td style="text-align: right;">
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox></td>
</tr>
<tr>
<td style="text-align: center;" colspan="2">
<asp:Button ID="Button1" runat="server" Text="Submit" OnClick="Button1_Click" />
<br />
<asp:Label ID="lblmessage" runat="server" Style="color: #FF3300" Text=""></asp:Label></td>
</tr>
</table>
In above code I have created a login page. In this user id and password field is there. Now we will write code on button click.
protected void Button1_Click(object sender, EventArgs e)
{
try
{
DataSet ds = new DataSet();
SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;Initial Catalog=Demo;Integrated Security=True");
string query = "select * from UserLoginDetail Where [UserId]='" + txtUSerId.Text + "' and [Password]='" + txtPassword.Text + "' and [StatusId]=1;";
con.Open();
SqlDataAdapter da = new SqlDataAdapter(query, con);
da.Fill(ds);
con.Close();
if (ds.Tables[0].Rows.Count > 0)
{
Session["LoginCount"] = 0;
Response.Redirect("SuccessPage.aspx");
}
else
{
Session["LoginCount"] = Convert.ToInt32(Session["LoginCount"]) + 1;
if (Convert.ToInt32(Session["LoginCount"]) > 3)
{
lblmessage.Text = DeactivateLoginAccount();
}
else
{
lblmessage.Text = "Please enter a valid login detail.";
}
}
}
catch
{
}
}
private string DeactivateLoginAccount()
{
DataSet ds = new DataSet();
SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;Initial Catalog=Demo;Integrated Security=True");
string query = "select * from UserLoginDetail Where [UserId]='" + txtUSerId.Text + "';Update UserLoginDetail set StatusId=0 Where [UserId]='" + txtUSerId.Text + "';";
con.Open();
SqlDataAdapter da = new SqlDataAdapter(query, con);
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
return "Your Account is Locaked. Please contact to admin.";
}
else
{
return "Please enter a valid login detail.";
}
con.Close();
}
In above code I have stored the user failed login attempts into session. And after each fail attempt I am increasing the count. After 3 failed attempts If user enter wrong userid and password ion password. I have called a function named as DeactivateLoginAccount(). So check the detail explanation of this function.
private string DeactivateLoginAccoint()
{
DataSet ds = new DataSet();
SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;Initial Catalog=Demo;Integrated Security=True");
string query = "select * from UserLoginDetail Where [UserId]='" + txtUSerId.Text + "';Update UserLoginDetail set StatusId=0 Where [UserId]='" + txtUSerId.Text + "';";
con.Open();
SqlDataAdapter da = new SqlDataAdapter(query, con);
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
return "Your Account is Locaked. Please contact to admin.";
}
else
{
return "Enter user id does not belong to application.";
}
con.Close();
}
In above code I have first written query to select the use detail, and then updated. If have not enter the correct user id. On that case then he will we will not get ant value in dataset and we will display the message that user does not belong to application. Otherwise we will display the account lock message.
Now we have done just check the output.
Now check the table detail.