如何限制登录尝试?

时间:2012-02-21 10:23:24

标签: asp.net c#-4.0

我需要限制用户的登录尝试次数……如果用户超过了允许的登录尝试次数，就把数据库中“IsBlocked”列更新为“Yes”。

我正在写这段代码……但不知道错在哪里：失败的登录尝试无法被统计……下面是我正在使用的代码：

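          // Look up the blocked flag for the submitted credentials.
          // The user name and password are bound as parameters rather than concatenated into the
          // SQL text: with concatenation, a quote character in either value changes the query
          // itself (SQL injection), which on a login form means the credential check can be bypassed.
          // NOTE(review): the query compares Password directly with Emp_Password, which suggests the
          // column holds the password as typed. If so, store a salted password hash (e.g. PBKDF2)
          // and compare hashes instead - confirm against the table definition.
          string cmd1 = "select Emp_IsBlocked from dbo.PTS_Employee where Emp_Username=@Username and Emp_Password=@Password";
          object Blocked;
          // using blocks dispose the command and connection even when Open/ExecuteScalar throws.
          using (SqlConnection con2 = new SqlConnection(connstring))
          using (SqlCommand mycomm2 = new SqlCommand(cmd1, con2))
          {
              // VarChar matches the type of the quoted literals the query used before;
              // a null value is sent as an empty string, as the concatenation did.
              mycomm2.Parameters.Add("@Username", SqlDbType.VarChar).Value = (object)EmployeeName ?? string.Empty;
              mycomm2.Parameters.Add("@Password", SqlDbType.VarChar).Value = (object)Password ?? string.Empty;
              con2.Open();
              // ExecuteScalar returns null when no row matched, i.e. unknown user or wrong password.
              Blocked = mycomm2.ExecuteScalar();
          }

          if (Blocked != null)
          {
              // A row matched. An empty flag (including a NULL column, since DBNull.Value.ToString()
              // is "") means the account is not blocked.
              if (Blocked.ToString() == "")
              {
                  Response.Redirect("~/Transactions.aspx");
              }
              else
              {
                  lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
              }
          }
          else
          {
              // NOTE(review): if _failedAttempts is an instance field of the page, ASP.NET builds a new
              // page object for every request, so the count starts over on each postback and never
              // reaches 3 - confirm where the field is declared. A counter that must survive across
              // requests has to live outside the page instance, keyed by user name.
              _failedAttempts++;
              //lblError.Text = ("Fail. " + (3 - _failedAttempts));

              if (_failedAttempts == 3)
              {
                  // NOTE(review): only @IsBlocked is passed; no user name is supplied here, so which
                  // account SP_IsBlocked marks cannot be seen from this code - confirm its parameters.
                  using (SqlConnection con1 = new SqlConnection(connstring))
                  using (SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1))
                  {
                      mycomm1.CommandType = CommandType.StoredProcedure;
                      mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
                      con1.Open();
                      mycomm1.ExecuteNonQuery();
                  }
                  lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
              }
          }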

能否指出上面的代码有什么错误，或者应该怎么做？

1 个答案:

答案 0 :(得分:1)

请替换下面这段 else 语句：
       else
        {
            // Failure branch: count this failed login and mark the account blocked on the third one.
            // NOTE(review): if _failedAttempts is an instance field of the page, ASP.NET builds a new
            // page object for every request, so the count starts over on each postback and never
            // reaches 3 - confirm where the field is declared.
            _failedAttempts++;
            //lblError.Text = ("Fail. " + (3 - _failedAttempts));

            if (_failedAttempts == 3)
            {
                // con1 is closed only on the success path; if Open or ExecuteNonQuery throws,
                // the connection is left for the garbage collector (a using block would dispose it).
                SqlConnection con1 = new SqlConnection(connstring);
                SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1);
                mycomm1.CommandType = CommandType.StoredProcedure;
                con1.Open();
                // NOTE(review): only @IsBlocked is passed; no user name is supplied here, so which
                // account SP_IsBlocked marks cannot be seen from this code - confirm its parameters.
                mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
                mycomm1.ExecuteNonQuery();
                con1.Close();
                lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
            }


        } 

改用下面这段代码再试一下。如果 `_failedAttempts` 是页面类的实例字段，那么 ASP.NET 每次请求都会新建页面对象，计数会从头开始、永远到不了 3，所以这里把计数保存在跨请求存在的缓存里：

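        else
        {
            // Failed login: keep a per-user counter in the ASP.NET cache so it survives across
            // requests, and block the account once the limit is reached.
            //
            // The counter is keyed by the submitted user name (EmployeeName, the value the login
            // query is built from). Keying it by this.txtPwd.Text, as before, gave every different
            // wrong password its own counter - so a series of varied guesses never reached the
            // limit - and kept the typed passwords in memory as cache keys.
            // NOTE(review): the key is case-sensitive while the SQL comparison may not be,
            // depending on the column collation - confirm and normalise the name if needed.
            string attemptKey = "UserKey_" + EmployeeName;

            // "as int?" yields null for a missing entry (or an unexpected type) instead of throwing.
            int failedCount = ((this.Page.Cache[attemptKey] as int?) ?? 0) + 1;

            // NOTE(review): the cache is in-process memory. Entries are lost on an application
            // restart, are not shared between servers in a web farm, have no expiry when set through
            // the indexer, and this read-increment-write is not atomic. A lockout that must be
            // reliable should keep the failure count in the database next to the account.
            this.Page.Cache[attemptKey] = failedCount;

            // ">=" rather than "==": attempts after the third still get the blocked message, and the
            // block is retried if an earlier call to the stored procedure failed.
            if (failedCount >= 3)
            {
                // NOTE(review): only @IsBlocked is passed; no user name is supplied here, so which
                // account SP_IsBlocked marks cannot be seen from this code - confirm its parameters.
                using (SqlConnection con1 = new SqlConnection(connstring))
                using (SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1))
                {
                    mycomm1.CommandType = CommandType.StoredProcedure;
                    mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
                    con1.Open();
                    mycomm1.ExecuteNonQuery();
                }
                lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
            }
        }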