How To Block The UserName After 3 Invalid Password Attempts

How To Block The UserName After 3 Invalid Password Attempts

In this post we will learn How To Block The UserName After 3 Invalid Password Attempts.Earlier we have discussed How To Create Login Form In Asp.Net and How To Create Login Form – CSS3.

Here after three invalid login attempts we will show user that your account has been locked, contact system administrator for more information, to accomplish this we are using viewstate.

Design View:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<link href="Style.css" rel="stylesheet" />
<title>How To Create Login Form In Asp.Net</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<h1 style="text-align:center">How To Create Login Form In Asp.Net</h1> 
<div class="main">
<div class="login">
<p><asp:TextBox ID="uname" runat="server" type="text"  placeholder="Username"></asp:TextBox></p>
<p><asp:TextBox ID="upass" runat="server" type="password"  placeholder="Password"></asp:TextBox></p>
<p class="forgot">
<label>
<a href="#">Forgot Password ?</a>
</label>
</p>
<p class="submit">
<asp:Button runat="server" ID="submir" type="submit" Text="Login" OnClick="submir_Click" />
</p>
</div>
<div class="footer">
<p>&copy; 2013 All rights reserved by HighTechnology.in
<a href="http://hightechnology.in" target="_blank">HighTechnology.in</a>
| Hosting Partner <a href="http://www.grootstech.com" target="_blank">Grootstech Solutions</a>
</p>
</div>
</div>   
</div>
</form>
</body>
</html>

Code View:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void submir_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connnn"].ConnectionString);
        con.Open();
        SqlCommand cmd = new SqlCommand("select * from users where UserName =@username and Password=@password", con);
        cmd.Parameters.AddWithValue("@username", uname.Text);
        cmd.Parameters.AddWithValue("@password", upass.Text);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        da.Fill(dt);
        if (dt.Rows.Count > 0)
        {
            Response.Redirect("Home.aspx");
        }
        else
        {
            if (System.Convert.ToInt32(ViewState["Tries"]) > 3)
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('User Blocked, Contact System Administrator For More information.')</script>");
            else
            {
                // Otherwise, increment number of tries.
                ViewState["Tries"] = System.Convert.ToInt32(ViewState["Tries"]) + 1;
                if (System.Convert.ToInt32(ViewState["Tries"]) > 3)
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('User Blocked, Contact System Administrator For More information.')</script>");
            }

            ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password.')</script>");
        }
    }
}