C# ASP.NET限制登录重试次数
标签:c#, asp.net, security
我是新手,想请教一下:我想限制用户最多只能尝试登录 3 次,但没有成功。登录本身工作正常,但当我用错误的密码登录时,失败次数的计数器不起作用。有人能帮我吗?这是我的代码:
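/// <summary>
/// Handles the login button: validates the submitted credentials through the
/// "CheckMember" stored procedure, signs the user in on success, and counts
/// failed attempts per user name so the account can be flagged through
/// "MemberIsBlocked" once the limit is reached.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    const int MaxFailedAttempts = 3;

    string userName = txtUsername.Text;
    string cacheKey = "UserKey_" + userName;
    bool authenticated;

    try
    {
        // NOTE(review): the password is handed to the stored procedure as typed, which
        // suggests it is compared in the database - confirm that CheckMember verifies a
        // salted hash rather than a stored plaintext value.
        // NOTE(review): nothing here checks the blocked flag before authenticating;
        // presumably CheckMember rejects blocked accounts - verify, otherwise the
        // lockout has no effect on later attempts.
        using (SqlConnection con = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand("CheckMember", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add(new SqlParameter("@userName", userName));
            cmd.Parameters.Add(new SqlParameter("@password", txtPassword.Text));
            cmd.Parameters.Add(new SqlParameter("@accountNo", txtAcctNo.Text));

            con.Open();
            using (SqlDataReader lmsreader = cmd.ExecuteReader())
            {
                authenticated = lmsreader.HasRows;
            }
        }

        if (!authenticated)
        {
            lblError.Text = "Invalid username, password or account number.<br> Please try again.";
            lblError.ForeColor = System.Drawing.Color.Red;

            // Page.Cache is in-memory and per application: entries can be evicted and
            // are not shared between servers, and this read-modify-write is not atomic.
            // A counter column updated in the database is the durable place for this.
            object cached = Page.Cache[cacheKey];
            int failures = (cached is int ? (int)cached : 0) + 1;
            Page.Cache[cacheKey] = failures;

            // ">=" so the account stays flagged even if an earlier block call failed.
            if (failures >= MaxFailedAttempts)
            {
                // The original built this command on the login connection, never added
                // the @username parameter and executed the CheckMember command instead,
                // so MemberIsBlocked was never actually run.
                using (SqlConnection conect = new SqlConnection(GetConnectionString()))
                using (SqlCommand commander = new SqlCommand("MemberIsBlocked", conect))
                {
                    commander.CommandType = CommandType.StoredProcedure;
                    commander.Parameters.Add(new SqlParameter("@username", userName));

                    conect.Open();
                    commander.ExecuteNonQuery();
                }

                lblError.Text = "You are Temporarily Blocked for <br> Exceeding Max Number of Login Attempts.";
            }

            return;
        }
    }
    catch (SqlException ex)
    {
        // Do not swallow database failures silently: record them for the operator and
        // show the user a generic message without any database detail.
        System.Diagnostics.Trace.TraceError("Login check failed: " + ex);
        lblError.Text = "Login is temporarily unavailable. Please try again later.";
        lblError.ForeColor = System.Drawing.Color.Red;
        return;
    }

    // Successful login: clear the failure counter, issue the forms-authentication
    // cookie (non-persistent, as before) and go to the account page. The redirect is
    // done once, after all connections are disposed; the original issued two redirects
    // and its con.Close() after Response.Redirect was never reached.
    Page.Cache.Remove(cacheKey);
    FormsAuthentication.SetAuthCookie(userName, false);
    Response.Redirect("MyAccount.aspx");
}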
/// <summary>
/// Returns the connection string registered under the name "ConnectionServices"
/// in the application's configuration.
/// </summary>
/// <returns>The configured connection string.</returns>
public string GetConnectionString()
{
    ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["ConnectionServices"];
    return settings.ConnectionString;
}
protectedvoid btnSubmit\u单击(对象发送方,事件参数e)
{
尝试
{
SqlConnection con=新的SqlConnection(GetConnectionString());
con.Open();
SqlCommand cmd=新的SqlCommand(“CheckMember”,con);
cmd.CommandType=CommandType.storedProcess;
SqlParameter p1=新的SqlParameter(“@userName”,txtUsername.Text.ToString());
SqlParameter p2=新的SqlParameter(“@password”,txtPassword.Text.ToString());
SqlParameter p3=新的SqlParameter(“@accountNo”,txtAcctNo.Text.ToString());
cmd.Parameters.Add(p1);
cmd.Parameters.Add(p2);
命令参数添加(p3);
SqlDataReader lmsreader=cmd.ExecuteReader();
if(lmsreader.HasRows)
{
lmsreader.Read();
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text.ToString(),false);
//FormsAuthentication.RedirectFromLoginPage(txtUsername.Text.ToString(),chkboxCookie.Checked);
lblError.Text=“明白了!”;
重定向(“MyAccount.aspx”);
con.Close();
}
其他的
{
this.lblError.Text=“用户名、密码或帐号无效。
请重试。”;
this.lblError.ForeColor=System.Drawing.Color.Red;
object FailedLoginCounter=this.Page.Cache[“UserKey_”+this.txtUsername.Text];
如果(FailedLoginCounter==null)
{
FailedLoginCounter=0;
}
this.Page.Cache[“UserKey\ux”+this.txtUsername.Text]=(int)FailedLoginCounter+1;
if(((int)this.Page.Cache[“UserKey_”+this.txtUsername.Text])==3)
{
SqlConnection conect=新的SqlConnection(GetConnectionString());
SqlCommand commander=newsqlcommand(“MemberIsBlocked”,con);
commander.CommandType=CommandType.storedProcess;
conect.Open();
SqlParameter puser=newsqlparameter(“@username”,txtUsername.Text.ToString());
cmd.ExecuteNonQuery();
conect.Close();
lblError.Text=“您被暂时阻止,原因是
超过了登录尝试的最大次数。”;
}
}
}
抓住
{
}
最后
{
}
}
公共字符串GetConnectionString()
{
返回ConfigurationManager.ConnectionString[“ConnectionServices”].ConnectionString;
}
非常感谢您的帮助!谢谢

回答:这样应该可以……在我这里运行正常:
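/// <summary>
/// Checks an employee's credentials against dbo.PTS_Employee. On a match, the
/// user is redirected to the transactions page unless the account is blocked;
/// on a mismatch, a per-user failure counter is incremented and the account is
/// flagged through "SP_IsBlocked" once the limit is reached.
/// </summary>
/// <param name="EmployeeName">User name submitted on the login form.</param>
/// <param name="Password">Password submitted on the login form.</param>
void GetUser(string EmployeeName, string Password)
{
    const int MaxFailedAttempts = 3;

    string userName = EmployeeName ?? string.Empty;
    // Key the counter on the name that was actually checked, not on the text box,
    // so the lockout always applies to the account this call tested.
    string cacheKey = "UserKey_" + userName;
    object Blocked;

    // Both values come straight from the login form, so they are bound as parameters;
    // the original concatenated them into the SQL text, which allowed SQL injection.
    // NOTE(review): the query compares the submitted password with Emp_Password
    // directly, which suggests passwords are stored in plaintext - confirm, and move
    // to salted password hashes if so.
    // NOTE(review): Emp_IsBlocked is only read when the password matches, so a blocked
    // account answers a correct password differently from a wrong one. Check the flag
    // by user name before verifying the password.
    using (SqlConnection con2 = new SqlConnection(connstring))
    using (SqlCommand mycomm2 = new SqlCommand(
        "select Emp_IsBlocked from dbo.PTS_Employee where Emp_Username=@EmployeeName and Emp_Password=@Password",
        con2))
    {
        mycomm2.Parameters.Add("@EmployeeName", SqlDbType.VarChar).Value = userName;
        mycomm2.Parameters.Add("@Password", SqlDbType.VarChar).Value = Password ?? string.Empty;

        con2.Open();
        Blocked = mycomm2.ExecuteScalar();
    }

    // A non-null result means a row matched the credentials.
    if (Blocked != null)
    {
        // An empty (or NULL) flag means the account is not blocked.
        if (Blocked.ToString() == "")
        {
            // Successful login: start counting from zero again.
            Page.Cache.Remove(cacheKey);
            Session["EmployeeName"] = EmployeeName;
            Response.Redirect("~/Transactions.aspx");
        }
        else
        {
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }

        return;
    }

    // No matching row: count the failed attempt. Page.Cache is in-memory and per
    // application, so the count can be evicted and is not shared between servers;
    // a counter stored with the account in the database is more reliable.
    object cached = Page.Cache[cacheKey];
    int failures = (cached is int ? (int)cached : 0) + 1;
    Page.Cache[cacheKey] = failures;

    // ">=" so the account stays flagged even if an earlier block call failed.
    if (failures >= MaxFailedAttempts)
    {
        using (SqlConnection con1 = new SqlConnection(connstring))
        using (SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1))
        {
            mycomm1.CommandType = CommandType.StoredProcedure;
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            mycomm1.Parameters.Add("@EmployeeName", SqlDbType.VarChar).Value = userName;

            con1.Open();
            mycomm1.ExecuteNonQuery();
        }

        lblError.Text = "You Exceeded The Maximum Login Attempts of 3,You are Blocked for now....Please Contact your Admin for Reuse Of Your Account";
    }
}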
然后在按钮的单击事件中调用 GetUser 方法。您可以查看此链接了解详细信息;关于身份验证检查的更多细节,建议使用 Membership(成员资格)类。
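希望这能对您有所帮助。尝试使用 Session["UserKey_" + …] 而不是 this.Page.Cache["UserKey_" + …]。(注意:Session 中的计数器绑定在浏览器会话上,而不是账户上;客户端换一个新会话后计数就会重新开始,因此要真正锁定账户,失败次数应按账户保存在服务器端,例如数据库中。)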
评论:
当您说“计数器不起作用”时,您的确切意思是什么?您用调试器检查过这段代码了吗?
@UweKeim 我几秒钟前检查过,但仍然不起作用。
@patmortech 抱歉,我的意思是,如果用户连续三次登录失败,他/她应该被临时锁定,无法访问网站。
请尝试此操作。它使用数据库来限制用户的尝试次数,可能有助于解决此问题。