session lock out

Guest · Sep 22, 2005

I have an asp.net application using forms auth with a login window. I have
datanames and encrypted passwords in data tables and after 3 unsuccessful
user login attempts the user is directed to an access denied page. I was
just wondering if for example a user named Tom makes 3 failed login attempts
how to lock out any future attempts by user login name Tom, say for the next
20-30 minutes. thanks.

Marina · Sep 22, 2005

One way is to add another field to your database table that has the lockout
time that you set after the 3rd attempt to the current time.
Every time someone logs in, you check if it's been 30 minutes since the
lockout time. If the lockout time field is empty, or it's been 30 minutes,
you allow the user to login in, and clear out the field if it wasn't empty
to begin with.

Guest · Sep 22, 2005

ok thanks sounds like a good idea.
--
Paul G
Software engineer.

Marina said:
One way is to add another field to your database table that has the lockout
time that you set after the 3rd attempt to the current time.
Every time someone logs in, you check if it's been 30 minutes since the
lockout time. If the lockout time field is empty, or it's been 30 minutes,
you allow the user to login in, and clear out the field if it wasn't empty
to begin with.

How to Create a random password generator in a separate window	4	May 26, 2022
asp:login control - user prompted to log in twice if session disab	3	Sep 20, 2007
Concurrent Access to same Session wrt Lock Time-out - what is it?	3	Mar 1, 2006
Auto-lock out module after 3-5 unsuccessful logins	4	Dec 13, 2004
Session Timeout, not working	2	Feb 19, 2008
Session Problems	0	Dec 26, 2008
Web.Config - Session Time Out - Load Balancing	1	Mar 24, 2005
Session object timout	2	Dec 26, 2004

session lock out

Guest

Marina

Guest

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads