Is counting login attempts this way correct?

  • Question

  • User696604810 posted

    I need to count login attempts within a period, but I don't know whether this logic is correct or wrong, or whether something is missing.

    If anything is wrong, please help me or tell me what is remaining.

    I need to block the user when logincount > maxnumber with failed logins.

    const int MaxNumberOfFailedAttemptsToLogin = 3;
    const int BlockMinutesAfterLimitFailedAttemptsToLogin = 15;

    public class Users
    {
        public DateTime? LastLoginAttemptAt { get; set; }
        public int LoginFailedAttemptsCount { get; set; }
    }

    public void CountLoginAttempt(string UserId, string Password, out bool Status)
    {
        var usr = new Users();
        usr.LoginFailedAttemptsCount = 0;
        usr.LastLoginAttemptAt = DateTime.Now;
        Status = true;

        string getCountLogin = @"select LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID";
        // Placeholder for "get result of query getCountLogin": GetQueryResult is a
        // hypothetical helper that runs the query with @UserID bound to UserId.
        DataTable dtgetloginattempt = GetQueryResult(getCountLogin, UserId);
        if (dtgetloginattempt.Rows.Count > 0)
        {
            usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0]["LoginFailedAttemptsCount"]);
            usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0]["LastLoginAttemptAt"]);
        }

        if (usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin
            && usr.LastLoginAttemptAt.HasValue
            && DateTime.Now < usr.LastLoginAttemptAt.Value.AddMinutes(BlockMinutesAfterLimitFailedAttemptsToLogin))
        {
            // Login is blocked, need to break the process.
            // Return error message "Your account was blocked
            // for a 15 minutes, please try again later."
            Status = false;
            return;
        }

        // EncryptedPassword is not defined in the post; presumably derived from Password.
        var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword);
        string Sql;
        if (!validUserNameAndPassword)
        {
            // Invalid password, need to update the number of attempts.
            usr.LoginFailedAttemptsCount++;
            if (usr.LoginFailedAttemptsCount == 1)
            {
                // The timestamp is written only on the first failed attempt.
                Sql = @"update Users set LastLoginAttemptAt='" + DateTime.Now.ToString("yyyy/MM/dd HH:mm") + "' , LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
            }
            else
            {
                Sql = @"update Users set LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
            }
            // Update(login);
            // Return error message "Invalid username or password"
            Status = false; // failed login must not report success to the caller
            return;
        }
        else
        {
            usr.LoginFailedAttemptsCount = 0;
            Sql = @"update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID ";
            Status = true;
            // Update(login);
            // Success!
        }
    }

    Is the logic above correct, or is something wrong?

    Saturday, September 7, 2019 3:18 AM

All replies

  • User696604810 posted

    This code above is working, but I am asking whether the logic has something wrong or not.

    Saturday, September 7, 2019 6:36 PM
  • User711641945 posted

    Hi ahmedbarbary,

    From your code, did you want to limit failed login attempts to three times in every fifteen minutes? If so, from my point of view, the logic seems right.

    Best Regards,

    Rena

    Monday, September 9, 2019 6:53 AM
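
The lockout counter discussed in this thread, as an added example that is not part of the original posts: it keeps the post's limits (more than 3 failures, 15 minutes) and handles the case where the window has expired while the stored count is still above the limit, by starting a fresh window on the next failure so that repeated failures are blocked again. `LockoutState`, `LoginThrottle` and `Demo` are hypothetical names, state is held in memory instead of the `Users` table, and the clock is passed in (UTC) so the constructed timeline is reproducible.

```csharp
using System;
// Added example; LockoutState, LoginThrottle and Demo are hypothetical names.
public class LockoutState
{
    public DateTime? WindowStartedAtUtc { get; set; }
    public int FailedCount { get; set; }
}

public static class LoginThrottle
{
    public const int MaxFailedAttempts = 3;                    // limits from the post
    public static readonly TimeSpan Window = TimeSpan.FromMinutes(15);

    // Blocked only while the count exceeds the limit and the window is still open.
    public static bool IsBlocked(LockoutState s, DateTime nowUtc) =>
        s.FailedCount > MaxFailedAttempts
        && s.WindowStartedAtUtc.HasValue
        && nowUtc < s.WindowStartedAtUtc.Value + Window;

    // Call only after IsBlocked returned false and the password check failed.
    public static void RegisterFailure(LockoutState s, DateTime nowUtc)
    {
        // First failure, or the previous window expired: start a new window so a
        // stale count cannot leave the account unthrottled after the first block.
        bool startNew = !s.WindowStartedAtUtc.HasValue
                        || nowUtc >= s.WindowStartedAtUtc.Value + Window;
        if (startNew) { s.WindowStartedAtUtc = nowUtc; s.FailedCount = 0; }
        s.FailedCount++;
    }

    public static void RegisterSuccess(LockoutState s)
    {
        s.WindowStartedAtUtc = null;
        s.FailedCount = 0;
    }
}
public static class Demo
{
    public static void Main()
    {
        var s = new LockoutState();
        var t0 = new DateTime(2019, 9, 7, 3, 0, 0, DateTimeKind.Utc); // constructed timeline
        for (int i = 0; i < 4; i++) LoginThrottle.RegisterFailure(s, t0.AddMinutes(i));
        Console.WriteLine(LoginThrottle.IsBlocked(s, t0.AddMinutes(5)));   // inside first window
        Console.WriteLine(LoginThrottle.IsBlocked(s, t0.AddMinutes(16)));  // first window over
        for (int i = 0; i < 4; i++) LoginThrottle.RegisterFailure(s, t0.AddMinutes(16 + i));
        Console.WriteLine(LoginThrottle.IsBlocked(s, t0.AddMinutes(21)));  // inside second window
    }
}
```

When this state is persisted, bind the timestamp and count as SQL parameters the same way `@UserID` is bound, and update both columns in one statement so the window start and the count cannot drift apart.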