none
Are Using Count Login Attempt Within Period By This Way Is Correct on windows application? RRS feed

  • Question

  • I need to make count login attempt within period but i dont know are this logic is correct or wrong or something missed

    if any thing wrong please help me or tell me what is remaining ?

    i need to block user when failed login attempt within period 

    const int MaxNumberOfFailedAttemptsToLogin = 3;
    const int BlockMinutesAfterLimitFailedAttemptsToLogin = 15;
    
    public class Users
        {
           
            public DateTime? LastLoginAttemptAt { get; set; }
            public int LoginFailedAttemptsCount { get; set; }
        }
    
    public void CountLoginAttempt(string UserId, string Password,out bool Status)
            {
               
                usr.LoginFailedAttemptsCount = 0;
                usr.LastLoginAttemptAt = DateTime.Now;
                Status = true;
               
    
                string getCountLogin = @"select  LastLoginAttemptAt , LoginFailedAttemptsCount from Users where Active = 1 AND UserId = @UserID";
                DataTable dtgetloginattempt = get result of query getCountLogin
                if (dtgetloginattempt.Rows.Count > 0)
                {
                    usr.LoginFailedAttemptsCount = Utilities.ObjectConverter.ConvertToInteger(dtgetloginattempt.Rows[0]["LoginFailedAttemptsCount"]);
                    usr.LastLoginAttemptAt = Utilities.ObjectConverter.ConvertToDateTime(dtgetloginattempt.Rows[0]["LastLoginAttemptAt"]);
                }
                if (usr.LoginFailedAttemptsCount > MaxNumberOfFailedAttemptsToLogin
                && usr.LastLoginAttemptAt.HasValue
                && DateTime.Now < usr.LastLoginAttemptAt.Value.AddMinutes(BlockMinutesAfterLimitFailedAttemptsToLogin))
                {
                    // Login is blocked, need to break the process.
                    // Return error message "Your account was blocked 
                    // for a 15 minutes, please try again later."
                    Status = false;
                    return;
                }
               
                
               
                var validUserNameAndPassword = UserManager.IsValidUser(UserId, EncryptedPassword);
                if (!validUserNameAndPassword)
                {
                    // Invalid password, need to update the number of attempts.
         
                    usr.LoginFailedAttemptsCount++;
                    
    
                    
                    if(usr.LoginFailedAttemptsCount==1)
                    {
                        string Sql = @"update Users set LastLoginAttemptAt='" + DateTime.Now.ToString("yyyy/MM/dd HH:mm") + "' , LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
                        
                    }
                    else
                    {
                        string Sql = @"update Users set  LoginFailedAttemptsCount=" + usr.LoginFailedAttemptsCount + " where Active = 1 AND UserId = @UserID";
                        
                    }
                    
                    // Update(login);
                    // Return error message "Invalid username or password"
                    return;
                }
                else
                {
                    usr.LoginFailedAttemptsCount = 0;
                
                    string Sql = @"update Users set LastLoginAttemptAt=null , LoginFailedAttemptsCount=0 where Active = 1 AND UserId = @UserID ";
                    
                    Status = true;
                    // Update(login);
                    // Success!
                }
            }
    Are this logic above is correct or have some thing wrong ?
    
    

    Saturday, September 7, 2019 4:37 AM

All replies

  • any one can help me

    this code above count login attempt failed 

    are there are any wrong on my code above

    Saturday, September 7, 2019 4:50 PM
  • It looks OK to me … I didn't actually try to run it, just "eye-balled" it. Why do you ask? Is it not working for you?

    ~~Bonnie DeWitt [C# MVP]

    http://geek-goddess-bonnie.blogspot.com

    Sunday, September 8, 2019 12:10 AM
    Moderator
  • Hi engahmedbarbary, 

    Thank you for posting here.

    I try to make a test for your question, but I need more information.

    Could you provide more details about your exception with which line of the code thrown the exception and some code about ‘Utilities.ObjectConverter.ConvertToInteger()’? It will help us to do the test.

    We are waiting for your update.

    Best Regards,

    Xingyu Zhao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, September 9, 2019 7:47 AM
    Moderator
  • If they're not blocked, but the login attempt fails, you are leaving Status = true.  If that's used to decide "successful login", then that would be wrong.

    Tim Roberts | Driver MVP Emeritus | Providenza &amp; Boekelheide, Inc.

    Monday, September 9, 2019 8:52 PM