How to use Timeout in ASP.NET application?

Question

I'm doing a Login -page in ASP.NET, and I want to block a user after 3 failed attempts and unblock him after 10 mins. I didn't use a Login Control, so I can't use Membership Provider, so I thought about using Timeout. How to modify the code below to block and unblock the user ?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using Replicon.Cryptography.SCrypt;

namespace WebApplication1
{
    public partial class SignIn : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        public class LoginAttempt {  public DateTime AttemptTime {get;set;} }
        protected void Button1_Click(object sender, EventArgs e)
        {
            String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
            using (SqlConnection con = new SqlConnection(CS))
            {

                SqlCommand cmd = new SqlCommand("select * from Users where Username=@Username", con);
                cmd.Parameters.Add("@Username", Username.Text);
                con.Open();
                SqlDataAdapter sda = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                sda.Fill(dt);
                if (dt.Rows.Count != 0)
                {
                    foreach (DataRow row in dt.Rows)
                    {
                        if (Replicon.Cryptography.SCrypt.SCrypt.Verify(Password.Text, (string)row["Password"]))
                        {  
                            Session["USERNAME "] = Username.Text;
                            Response.Redirect("~/UserHome.aspx");
                            return;
                        }

                        { lblError.Text = "Invalid Username or Password !"; }
                    }
                }


            }
        }


    }
}

score 0 · Answer 1 · answered May 30 '16 at 13:38

you can use session if you faced error you need to initial session value in global asax

if(Session["DateTime"]==null)
{
String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
            using (SqlConnection con = new SqlConnection(CS))
            {

                SqlCommand cmd = new SqlCommand("select * from Users where Username=@Username", con);
                cmd.Parameters.Add("@Username", Username.Text);
                con.Open();
                SqlDataAdapter sda = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                sda.Fill(dt);





               if (dt.Rows.Count != 0)
                {
                    foreach (DataRow row in dt.Rows)
                    {
                        if (Replicon.Cryptography.SCrypt.SCrypt.Verify(Password.Text, (string)row["Password"]))
                        {  
                            Session["USERNAME "] = Username.Text;
                            Response.Redirect("~/UserHome.aspx");
                            return;
                        }

                        { lblError.Text = "Invalid Username or Password !"; }
                    }
                }
else
{
if(Convert.ToInt32(Session["errorlogin"])>3)
{
    Session["DateTime"]=DateTime.Now;
}
Session["errorlogin"]=Convert.ToInt32(Session["errorlogin"])+1;


}
}
}

in Session_Start initial Session["DateTime"] and Session["errorlogin"] — Abdalmohaymen Alesmaeel, May 30 '16 at 13:57
I tried the code above, and it blocks all the users. What should I do ? — Alex.d, May 30 '16 at 17:34

How to use Timeout in ASP.NET application?

1 Answers1