Jeremy Wadsworth
My Contribution to the ASP.NET Community


Welcome   
Welcome to my personal website. Here you will find blog posts related to web development as well as personal related interests. If you're here for the source code to my Personal Web Site Kit, please register and you'll receive an email when your account has been approved.


Latest Blog Entries

 Thursday, October 18, 2007


Automatically unlock a user after a specified time limit    
Using the ASP.NET 2.0 membership service framework, I discovered that when a user's account is locked out as a result of too many invalid login attempts, it stays locked out. I guess I expected it to unlock after 10 or 15 minutes since this is what I've seen on most sites.

I wrote some code to handle this. It's kind of scratchy but it works. You can put this in the Page_PreRender and only run it on postback.

' Locate the Login control and its UserName text box.
Dim ctrlLogin As System.Web.UI.WebControls.Login
ctrlLogin = CType(LoginArea.FindControl("Login1"), System.Web.UI.WebControls.Login)
Dim txtUserName As TextBox = CType(ctrlLogin.FindControl("UserName"), TextBox)
' Look up the account; False means the user's last-activity timestamp is not updated.
Dim theUser As MembershipUser = Membership.GetUser(txtUserName.Text.Trim, False)
If theUser IsNot Nothing Then
 If theUser.IsLockedOut Then
  ' Time elapsed since the account was locked out.
  Dim ts As TimeSpan = Now.Subtract(theUser.LastLockoutDate)
  If Math.Round(ts.TotalMinutes) > 10 Then
   ' Lockout period has passed: clear the lockout.
   theUser.UnlockUser()
  Else
   ' Still inside the lockout period: disable the login form and say why.
   ctrlLogin.Enabled = False
   failureText.Text = "Your account has been locked out for 10 minutes, because of too many invalid login attempts."
  End If
 End If
End If


jeremy at 7:59 PM





Comments
Jake said...

Thanks for helping me see a simpler way. I was going to implement a Timer that executes every 20 minutes, checks all the users and unlocks any that have been locked long enough. I've used Timers for other recurring tasks and I could not get past them. Your method is simple and effective!

Friday, October 26, 2007 4:51 PM

Garrett said...

Hi Jeremy, Are you thinking of a newer version anytime soon? How about monster ID in comments? I saw it in action on blog engine 1.3 and it looks cool.

Monday, December 24, 2007 7:39 PM

John Tregoning said...

Doesn't setting these properties for the membership provider in the Web.config achieve the same thing? passwordAttemptWindow="20" Cheers John Tregoning

Thursday, May 01, 2008 8:58 AM

jeremy said...

John, the property passwordAttemptWindow determines the period of time that a user can fail login attempts before they're locked out. If that property is set to 20 then a user will be locked out if they enter the wrong password too many times during a 20-minute period.

Sunday, May 11, 2008 9:09 PM

Brian said...

If you're using the aspnet_db, it may be easier to create a job that runs every 5 mins or so that checks the aspnet_Membership table for the IsLockedOut property... and then compares the LastLockoutDate, 15 mins say, against the current datetime.

Thursday, December 31, 2009 8:27 AM

Brian said...

Oh, and remember, dates in the aspnetdb are in UTC. Use GETUTCDATE() for your comparisons.

Thursday, December 31, 2009 8:41 AM
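
The scheduled job described in the two comments above, written out as an added example (not code from the post or from any commenter). It assumes the default aspnet_Membership schema under dbo; the audit table dbo.MembershipAutoUnlockLog and the 15-minute value of @LockoutMinutes are assumptions, and the columns reset are the ones the stock aspnet_Membership_UnlockUser procedure clears.

```sql
-- Body for a scheduled job (for example, a SQL Server Agent step every 5 minutes).
DECLARE @LockoutMinutes int, @Cutoff datetime, @Reset datetime;
SET @LockoutMinutes = 15;                                        -- assumed lockout length
SET @Cutoff = DATEADD(minute, -@LockoutMinutes, GETUTCDATE());   -- membership dates are UTC
SET @Reset  = CONVERT(datetime, '17540101', 112);                -- sentinel date used by the stock procedures

-- Hypothetical audit table: keeps a record of every automatic unlock,
-- because the UPDATE below overwrites LastLockoutDate.
IF OBJECT_ID('dbo.MembershipAutoUnlockLog', 'U') IS NULL
    CREATE TABLE dbo.MembershipAutoUnlockLog (
        UserId         uniqueidentifier NOT NULL,
        LockedOutAtUtc datetime         NOT NULL,
        UnlockedAtUtc  datetime         NOT NULL
    );

-- Unlock only accounts whose lockout is older than the cutoff.
-- In a database shared by several applications, add an ApplicationId filter.
UPDATE dbo.aspnet_Membership
SET IsLockedOut = 0,
    FailedPasswordAttemptCount = 0,
    FailedPasswordAttemptWindowStart = @Reset,
    FailedPasswordAnswerAttemptCount = 0,
    FailedPasswordAnswerAttemptWindowStart = @Reset,
    LastLockoutDate = @Reset
OUTPUT deleted.UserId, deleted.LastLockoutDate, GETUTCDATE()
INTO dbo.MembershipAutoUnlockLog (UserId, LockedOutAtUtc, UnlockedAtUtc)
WHERE IsLockedOut = 1
  AND LastLockoutDate <= @Cutoff;
```

Repeated rows for the same UserId in the audit table are a useful signal of sustained password guessing against that account.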

Sadequzzaman Monoj said...

Thank you very much. It's really a very good post.

Wednesday, May 05, 2010 5:37 AM
