I have a website developed using asp.net/C#. I would like to lock an user account on 5 consecutive login failures within a time period of 30 minutes. I do not want to do this on database side. And I know this is cannot be done by session variables. I also do not want to use cookies for this, as a user can easily disable cookies
View 6 RepliesCan I have some codes in login attempts. For example, the user tried to login for three consecutive times and then he failed. The session he gets will be locked for about 30 seconds.
View 1 Repliesuser phoned me and said he received an error when attempting to login stating that his account had been locked. I had to unlock the user account today manually through the user interface. Several hours later I had to do it again. Afterwards, when I looked at the aspnet_Membership table it showed NO failed login attempts. LastLockout date for that particular user was set to min date. FailedPasswardAttemptCount was zero. FailedPasswordAttemptWindowStart was min date. I then proceeded to fail logging with the users account name.
View 3 RepliesWhat is the best way to use System.DirectoryServices.AccountManagement to lock an Active Directory user object? I'm able to determine if an account is locked using..
UserPrincipal principal = new UserPrincipal(context);
bool locked = principal.IsAccountLockedOut();
How do I lock the account? Is there an alternative to doing something like this...
UserPrincipal principal = new UserPrincipal(context);
DirectoryEntry entry = (DirectoryEntry)principal.GetUnderlyingObject();
int val = (int)entry.Properties["userAccountControl"].Value;[code]....
Do anyone knows how to lock a account after a user enters the password too many times.
View 3 RepliesI Need Block User After 3 Failuer Attempts....
View 1 RepliesDo I just need to make a field for account type in my user account table? In a technical way, if(account type = admin) then the account would log as admin; otherwise, a user with less privileges.
View 7 RepliesI need to add features in login page.
1) Only allow user in three times attemps
2) After three times failed to login, the user will be restricted for 30 minutes.
I knew how to code for 1) but I do not how to do 2).
I have developed an application in ASP.NET 3.5 which utilizes the Membership and Roles Providers and Forms Authentication to manage user access and profiles.
There are various area's of this application that are only to be used by an admin users whom login using their email and password and the rest of the users log in using their telephone number and password via their iPhone.
For simplicities sake, I would like to have two different login pages, one that is formatted for the iPhone and performs the correct validation for users adding a telephone number and the other for the application administrators.
I want to redirect the user to their respective login page based on which folder they are attempting to access. For example say I have an application structure like this
/Admin
/Couriers
/Customers
/Whatever
Default.aspx
iPhoneLogin.aspx
adminLogin.aspx
Web.config
I want to be able to redirect users who go to [URL]/Whatever to iPhoneLogin.aspx and users to go to [URL]/Admin to adminLogin.aspx
Coding Platform: ASP.NET 4.0 Webforms with C#
I have two roles admin and member. In my application, admin can manipulate most of the member data. I know that in forms authentication a user can be unlocked like,
MembershipUser user = Membership.GetUser(clickeduserName);
user.UnlockUser();
Membership.UpdateUser(user);
My questions are,
How to lock a user in forms authentication? Why is MembershipUser.IsLockedOut Property set as ReadOnly? Is it not the right way to LockOut people as an administrator?
How to lock the user with the 3 times entering the wrong password?
View 10 RepliesI have login page, users enter their username and password ... I want when users enter their password wrong after 3 time they can't enter password until 24 hours after that they can try it again, How i can do it?
View 1 RepliesI facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?
View 6 RepliesI have the membership provider and the create user with tow steps, one of the steps contains a custom registration form, for each created user data will be in the database, and there is an account page shows the data that the new created user did insert during the registration process on the custom registration page,
the problem, when the user is created and logged into his account page, this account page shows only the information for the first created user, not the info on the logged in user , but the logged in user data still saved in database and not showing on his account page?
This is web.confg code:
<?xml version="1.0"?>
I want to check if a user in User table is found either in UserName Column or in FriendUserName Column in UserFollow table and if yes display lable found, But if no display lable notfound. This code will be excuted onse a user logs in the connection code
protected void Page_Load(object sender, EventArgs e)
{
if (Session["UserName"] != null && Session["UserName"].ToString() != string.Empty)
{
string userName = Session["UserName"].ToString();
if (!this.IsPostBack)
[code]...
I'm using asp.net membership provider. and I need to block user account in case if the user post spam. How can I accomplish it using build in features of the Membership Provider.Can I use IsLockedOut? If so how can i update it programmatically?
View 2 RepliesIn login.aspx I have used login control to enter user name and password, the problem is: even my caps lock is off when I enter user name it prints in capital letters but size is small size (when I copy and paste in note pad or msword it paste in small letters not in capital letters), when I turn on my caps lock on and type - it prints in bigger size as if I am typing in capital letters.
ex: 1. temp is my user name if my caps lock is off it shows like this TEMP (but size in smaller than 2nd one)
2. if my caps lock is on is shows like this as if I am typing capital letters TEMP
what do you think the problem is how can I fix it
I'm about to convert an existing webforms application to MVC. This existing system lean too much on JavaScript in my opinion, so I'm throwing around some ideas for a "lock screen" functionality. The user can be busy editing a form....any form, there are tons. "Lock Screen" essentially logs the user off, but when logging in again, they are taken back to the form they have been busy with and the values entered before are loaded. I also will have to provide a way to lock the screen after a certain time of inactivity.
View 3 RepliesIs it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
View 4 Repliesi have almost 2500 peoples details i want enter it to the database from background using one exel sheet .but when i enter all the details i want to set the password for each user in the database (must be unique)
View 2 RepliesI have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
View 5 Repliesi have this code to create a local windows user
public static bool CreateLocalWindowsAccount(string username, string password, string displayName, string description, bool canChangePwd, bool pwdExpires)
{
[code]...
I'm building a site in which users can purchase MP3 files which they can download from their user login area.
In previous applications I've developed, I would allow admin to upload the file and it would be stored under "/Uploads/MP3s/filename.mp3". However, I need to make this secure so that users cannot gain access to these files until they have purchased them.
I would like develop an application written in ASP.NET which include an option to configure user accounts in such a way that each user account can be freely assigned to a different module to which it will has access.
So, for example, I would have one table in a database that maps user to modules.
In ASP.NET there is the whole mechanism of roles, but his assumptions are slightly different -> Here you need to centrally configure finished profiles. This can be circumvented in such a way that each application module is a separate role. And for one user can be assigned multiple roles.
But whether such a method is elegant? Should I do it differently?
I have a website that has a login (Like most websites xD) This then obviosly fetches information from a database and loads it on the page. (EG. Welcome "Display Name")
I have designed and coded a application for my site you can use the features from my web on your desktop, I have added a login (required to use the application) and a register. Both login and register work (Fetching information from the database and writing to the database).
Now I have those out of the way I'm now onto the main part of my program which is to display infomation onto the application about the user account. This could include editing the user account, uploading content to the website or viewing content from the website.. (Sorry but I'd like to explain how I have certain things to get the point across clearly )
Anyway how would I create a sort of session? Like PHP, once you login you can grab information from the database based on the information submitted from the login which was fetched from the database.. When the user presses login on my application it brings them to the main part of the application but I'm now unsure how to load variables and/or session data.
(Side note, I have also sha encryption on my website in the register/login, at the moment VB reads the information from the textbox as normal text is there anyway I can get it to read the sha encryption? and also insert data into the database with this encryption?) - This question is optional.