Block user after 4 wrong password attempt using Session in ASP.Net MVC

wisswiss...

SOLVED CLOSED ACTIVE ANSWERED
User: wisswiss143
Posted: on Mar 06, 2024 03:15 AM
Forum: ASP.Net MVC
Answer: 2
Views: 1776
Sample Code: Download

Hello,

I work on web application in ASP.Net MVC 4.8.

In order to add a block after 4 wrong password and/or login attempts. I wanted to modify Login Action.

We don't want to use aspNet Identity because we didn't want to add a column on the database side.

I need a solution using session/cache or variable store count.

Thanks in advance.

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: false);
    switch (result)
    {
        case SignInStatus.Success:
            var user = await UserManager.FindByNameAsync(model.UserName);
            HttpCookie partnerInfo = new HttpCookie("User#" + user.Id);
            partnerInfo["FullName"] = user.FullName;
            Response.Cookies.Add(partnerInfo);
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            ModelState.AddModelError("", "Account Blocked. Try after some time.");
            return View("model");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
    }
    model.NotConnect = true;
    return View(model);
}

Download FREE API for Word, Excel and PDF in ASP.Net

dharmend...

0 3

Reply
ANSWER
User: dharmendr
Replied: on Mar 06, 2024 11:53 AM
Report

wisswiss143 says:

I need a solution using session/cache or variable store count.

I have checked and found it is possible. But if user clears browser cache or close the session or try with different browser then, he will be able to login again.

The only possible way is to save lock status in database.

dharmend...

0 5

Reply
ANSWER
User: dharmendr
Replied: on Mar 07, 2024 08:45 AM
Report

Refer the example.

Model

public class LoginViewModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

Controller

public class HomeController : Controller
{
    // GET: Home
    public ActionResult Index()
    {
        return View();
    }

    [HttpPost]
    public ActionResult Login(LoginViewModel model)
    {
        int attemptCount = Session["Invalid"] != null ? (int)Session["Invalid"] : 0;
        if (attemptCount < 4)
        {
            // Verify the login details.
            if (model.UserName == "test" && model.Password == "123")
            {

            }
            else
            {
                Session["Invalid"] = attemptCount + 1;
            }
        }
        else
        {
            ViewBag.Message = "Account Blocked. Try after some time.";
        }
        return View("Index", model);
    }
}

HTML

@model Sample.Models.LoginViewModel

@{
    Layout = null;
}
<!DOCTYPE html>

<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title>Index</title>
</head>
<body>
    @using (Html.BeginForm("Login", "Home", FormMethod.Post))
    {
        <div class="form-horizontal">
            <h4>LoginViewModel</h4>
            <hr />
            <div class="form-group">
                @Html.LabelFor(model => model.UserName, htmlAttributes: new { @class = "control-label col-md-2" })
                <div class="col-md-10">
                    @Html.TextBoxFor(model => model.UserName, new { htmlAttributes = new { @class = "form-control" } })
                </div>
            </div>

            <div class="form-group">
                @Html.LabelFor(model => model.Password, htmlAttributes: new { @class = "control-label col-md-2" })
                <div class="col-md-10">
                    @Html.TextBoxFor(model => model.Password, new { htmlAttributes = new { @class = "form-control" } })
                </div>
            </div>

            <div class="form-group">
                <div class="col-md-offset-2 col-md-10">
                    <input type="submit" value="Login" class="btn btn-default" />
                </div>
            </div>
        </div>
    }
    @if (ViewBag.Message != null)
    {
        <script type="text/javascript">
            window.onload = function () {
                alert('@ViewBag.Message');
            };
        </script>
    }
</body>
</html>

I agree, here is the link: https://www.e-iceblue.com/Introduce/spire-office-for-net-free.html

Block user after 4 wrong password attempt using Session in ASP.Net MVC

Company

Explore

Follow us

Contact Us