进行3次无效尝试后如何阻止用户帐户 [英] How to block a user account after 3 invalied attempts

问题描述

你好，民谣

谁能帮我一个忙，我通过获取int静态计数变量来完成是否尝试3次无效用户尝试的编码，因为我有一个缺点，如果一个用户进行了2次无效尝试，而另一个用户进行了第一次无效尝试，并且该帐户正在阻止，我该如何纠正此问题，任何人都可以帮助我....

我把我的代码放在下面，请检查出来，然后告诉我一个更好的选择...

Hi folk''s

Can any one help me out ,i done coding for if attempts 3 invalid user attempts by taking int static count variable,in that i have one drawback ,if one user made 2 invalid attempts ,and other user made 1st time invalid attempt and this account is blocking ,How can i rectify this problem can any one help me....

I placing my code below please check it out yar and tell me with one is the better option .....

static int count = 0;
    public void  count_log()//this my user count static function............
    {
        BAL_ClassLibrary.Rcm_service.LoginEntities get_login_details = login_values();
        if (count >2)
        {
            Loginbal objbal=new Loginbal();
             objbal.account_block(get_login_details);
             ScriptManager.RegisterClientScriptBlock(Page, Page.GetType(), "Result", "alert('*Your Account is blocked')", true);
               count = 0;

        }
        else
        {
            ScriptManager.RegisterClientScriptBlock(Page, Page.GetType(), "Result", "alert('*Invalied username or password')", true);
            count++;
        }

当用户使无效用户尝试登录时，我正在调用此函数...
并且我增加了计数值.....

I am calling this function, when user made invalid user attempt to login...
and i incrementing the count value.....

推荐答案

静态可以按预期工作，并且肯定不是您要尝试的工作做.静态成员的范围适用于应用程序域，这意味着每个用户都具有对静态成员的访问权限/范围.这样它的价值就会受到所有用户的影响/改变.

在您的情况下，您需要特定于用户的login-attepmt计数.您可以为此使用会话.请查看以下链接，以获取有关"Asp.Net会话" 的信息.

http://msdn.microsoft.com/en-us/library/ms178581 (v = vs.100).aspx

http://msdn.microsoft.com/en-us/library/ms972429.aspx

看看下面的" ASP.NET状态管理"链接.

ASP.NET状态管理概述

ASP.NET状态管理建议

初学者ASP.NET中的状态管理技术简介

Static is working as expected and its certainly not for what you are trying to do. Scope of static members is for app domain, that means every user has a access/scope to static member. So that its value gets influenced/changed by all the users.

In your case you need user specific login-attepmt count. You may use Sessions for this. Have a look at below links for information on "Asp.Net Sessions".

http://msdn.microsoft.com/en-us/library/ms178581(v=vs.100).aspx

http://msdn.microsoft.com/en-us/library/ms972429.aspx

Have a look at below links for "ASP.NET State Management".

ASP.NET State Management Overview

ASP.NET State Management Recommendations

Beginners Introduction to State Management Techniques in ASP.NET

您可以在用户表中添加一个名为"FailedLoginAttempts"的附加列，并在每次登录后更新该值.成功登录后，应再次将列重置为0.

但是您需要牢记两个重要的场景...
1.如果用户输入错误/无效的用户名，您将如何维护?
2.知道别人用户名的任何人都可以一次又一次尝试阻止其帐户.

希望这会对您有所帮助...

You can add an extra column named "FailedLoginAttempts" in your user table, and update the value after each login attempt. After successfull login you should reset the column to 0 again.

But you need to keep in mind two important scenario...
1. if user puts wrong/ invalid user name how will you maintain that ?
2. anyone who knows someone other''s username can block his/her account by trying again and again.

Hope this will help you...

引用该线程
http://stackoverflow.com/questions/9866493/在指定登录失败次数后阻止用户 [

Refer this thread
http://stackoverflow.com/questions/9866493/block-a-user-after-a-specified-number-of-failed-logins[^]

这篇关于进行3次无效尝试后如何阻止用户帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！