Does anyone know how using asp or .net to set up a login page so that if you try to login 3 times and don't login correctly you get locked out of being able to login. So like you would have to response to an automatic email, or just wait for 24 hours or something.

Quote: Originally Posted by jhoop2002 Does anyone know how using asp or .net to set up a login page so that if you try to login 3 times and don't login correctly you get locked out of being able to login. So like you would have to response to an automatic email, or just wait for 24 hours or something.

Thats a good question, and a neat lil trick for the user be like i can't keep trying to log in\on.

Just playing, figured ive been giving crap out to everyone else, thought i'd share with you.

If you going to do it do it right.

Attached Thumbnails

 

Quote: Originally Posted by jhoop2002 Does anyone know how using asp or .net to set up a login page so that if you try to login 3 times and don't login correctly you get locked out of being able to login. So like you would have to response to an automatic email, or just wait for 24 hours or something.

I did this with ASP and SQL Server a couple years back. I used two tables in the database for this, similar to the following:

"User" table fields (and data types)

• Username (varchar)
• Password (varchar)
• LockedOut (bit/boolean)
• [...all the other fields like unique ID, email address, etc.]

"LogonAttempts" table fields (and data types)

• AttemptedUsername (varchar)
• AttemptedPassword (varchar) [this can help you to see if the user had Caps Lock on or something]
• AttemptedDateAndTime (date/time)
• LogonSuccessful (bit/boolean)
• [...all the other fields like unique ID, remote IP, etc.]

Basically, every time someone attempts to log in, you record the login attempt in the LogonAttempts table in the database.

When a user tries to log in, do the following:
If the user is already locked out (meaning User.LockedOut is true), display a message saying so.
If the user is NOT locked out, check to see if the username/password is correct.
If it is correct, let them in*. If not*, run a query to see whether their last 3 times were all unsuccessful.
If the last 3 times were all unsuccessful, set User.LockedOut to true.

*This is where you would record the logon attempt, to see if LogonSuccessful would be true or false.

If I can explain any part of this or help with any of the queries, just let me know!