ASP.Net Form Security

B

Big E

I'm using ASP.Net Form Security. I have a login page and a redirect page
etc...
What I want to do is setup some type of anti-dictionary hack code.

If someone tries to login unsuccessfully 7 times I want to send them a
custom error page. I'm not sure of the best way to check if they had tried
to login 7 times. Do I need to store in a database. I can't use session
variables because I have various apps on various servers. Can I create some
loop that counts how many times this user has attempted to logon.

Any tips or articles would be great.

Thanks.
 
S

Steve C. Orr [MVP, MCSD]

Increment a counter field for the user record in your database.
If somebody fails the login for that user x number of times, disable the
user account and contact the user to notify them that somebody may be trying
to hack into their account. If everything checks out then enable their
account again.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Form Security Name Format 1
asp.net sqlmembershipprovider integrated security 1
security... 0
Security issue on Windows7 1
Role base security and RedirectUrl 3
Security issue with an HTA frame 10
Script works fine on test server but not on production server 3
Questions on asp.net site security 0

Members online

No members online now.
Total: 33 (members: 0, guests: 33)
Robots: 455

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,048
Latest member
verona

Latest Threads

Top