Guys I have a simple customer login page in ASP.net (C#) which has 2 textboxes and a button, one for username and the other for password and button for submit.
Upon pressing submit, the password textbox text is encrypted and then compared with the encrypted value of password already stored in DB.
Now what I want to do is, upon each unsuccessful login attempt, it should display a message like “x tries remaining out of 5”. When all 5 tries are used, it should ban the user’s ip for 1 hour.
How should I approach this? I am pretty new to ASP so I have no idea on how to get user IP and then block it for 1 hour. After 1 hour has passed, the ip should be unblocked automatically.
Any help will be appreciated.
P.S I am not looking for anything much complicated. I am new to this so something complicated will not be in my grasp.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You should log failed attempts to a table, when the number of rows in that table exceeds the failed number of login attempts you should display an error message to say the user is locked out.
When the user has regenerated their password, remove the records from the table.
Sorry, just saw your other request for the IP address. In a web application you can use the following property from the HttpContext:
HttpContext.Current.Request.UserHostAddress
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0