473,791 Members | 2,901 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Auto-lock out module after 3-5 unsuccessful logins

Hi, I would like to create an auto-lock out module where users are
unable to continue login attempt after 3-5 unsuccessful logins. In
addition, the user account are automatically suspended after
stipulated unsuccessful logins.
Is there any sample coding in ASP or Javascript for me to refer to??
Thanks alot!!!
Jul 22 '05 #1
4 3869
tchangmian wrote on 13 dec 2004 in microsoft.publi c.inetserver.as p.general:
Hi, I would like to create an auto-lock out module where users are
unable to continue login attempt after 3-5 unsuccessful logins. In
addition, the user account are automatically suspended after
stipulated unsuccessful logins.


First think, hangmian!

How can you determine the account user of an unsuccesful login ??

The best you can do is allowing a maximum logincount per ASP-session, [and
denying access to people without sesson cookies enabled, so without a
session]

Setting a deny cookie on the client is a nice but defeatable action.

Denying IP-addresses is NOT an option, IMHO.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 22 '05 #2
Here is the gist of a simplistic mechanism we did for a client. It may or
may not be sufficient for your situation:

------before authenticating user-------

'attempts are stored in Application Variables by login id
nTry = Application(str LoginID)
If Not IsNumeric(nTry) Then
nTry = 1
Else
nTry = nTry + 1
End If

If nTry > 3 Then
Response.Redire ct "../html/mp_acctlocked.h tml"
Else

-------code to authenticate user goes here-------

End If

If AuthenticateUse r = 0 Then
Application.Con tents.Remove(st rLoginID) 'successful
Else
Application(str LoginID) = nTry 'failed, update try count
End If

You also need admin functions to unlock users.

A more robust mechanism would store the try count in a database along with a
timestamp so that locked accounts could be released automatically if
desired.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"tchangmian " <tc********@yah oo.com.sg> wrote in message
news:64******** *************** ***@posting.goo gle.com...
Hi, I would like to create an auto-lock out module where users are
unable to continue login attempt after 3-5 unsuccessful logins. In
addition, the user account are automatically suspended after
stipulated unsuccessful logins.
Is there any sample coding in ASP or Javascript for me to refer to??
Thanks alot!!!

Jul 22 '05 #3
Mark Schupp wrote on 13 dec 2004 in
microsoft.publi c.inetserver.as p.general:
If AuthenticateUse r = 0 Then
Application.Con tents.Remove(st rLoginID) 'successful
Else
Application(str LoginID) = nTry 'failed, update try count
End If


So if I knew anothers username,
I could lock him out till doomsday or till server reset,
willingly or by accident?
So if I stumbled on another application variable's name,
unconnected to authentication, like an users-online counter,
I could change the content to 1,2 or 3,
willingly or by accident?
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 22 '05 #4
I didn't say it was perfect. I said it met the client's requirements. That
requirement (and probably the requirement that the OP has) was from an IT
department's security review and was non-negotiable. The potential that a
user could be locked out had to be accepted as the cost of limiting repeated
login attempts.

In that particular application all application variables had prefixes to
their names which would likely prevent collision with login IDs. So in that
case the "quick fix" using application variables was deemed acceptable. A
much better solution (and the one we will use should we include the feature
in the standard application) is to keep track of login attempts in the
database.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Evertjan." <ex************ **@interxnl.net > wrote in message
news:Xn******** ************@19 4.109.133.29...
Mark Schupp wrote on 13 dec 2004 in
microsoft.publi c.inetserver.as p.general:
If AuthenticateUse r = 0 Then
Application.Con tents.Remove(st rLoginID) 'successful
Else
Application(str LoginID) = nTry 'failed, update try count
End If


So if I knew anothers username,
I could lock him out till doomsday or till server reset,
willingly or by accident?
So if I stumbled on another application variable's name,
unconnected to authentication, like an users-online counter,
I could change the content to 1,2 or 3,
willingly or by accident?
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Jul 22 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
2608
[PEP] auto keyword for automatic objects support in Python
by: Manlio Perillo | last post by:
Hi. This post follows "does python have useless destructors". I'm not an expert, so I hope what I will write is meaningfull and clear. Actually in Python there is no possibility to write code that follows C++ RAII pattern. Of course Python objects are not statics like in C++, but in C++ the auto_ptr class is used for enforcing this pattern for dynamical
Python
1
13960
Problem with the width of DIV in IE6 using CSS and width:auto
by: Glabbeek | last post by:
I'm changing the layout of my site. Instead of using tables, I will use DIVs. It's working fine, except for 1 thing: In IE6 some DIVs are not the correct width. Mozilla and Opera are showing the page the way I want. Does anybody know a solution for this? First of all, the code I am using: CSS ------- body {
HTML / CSS
5
6122
width: auto seems to be ignoring me in Mozilla
by: Robert Downes | last post by:
I'm using the following in a page that I'm testing in Mozilla: p.actionLinkBlock {border: 1px #000000 dashed; padding: 0.2cm; width: auto} But the dashed border is extending to the right-edge of the screen. I want it to only extend as far as it needs to to nicely contain the content within (a couple of links). Is width: auto the wrong property to do this? Is Mozilla rendering the style wrong?
HTML / CSS
20
2876
Why not auto?
by: Vijay Kumar R. Zanvar | last post by:
Hello, Unlike register, auto keyword can not be used to declare formal parameter(s). Is there any specific reason for this? Kind regards, Vijay Kumar R. Zanvar
C / C++
6
5074
What to do with AUTO-ID column when I add a new record to the data
by: Alpha | last post by:
I retrieve a table with only 2 columns. One is a auto-generated primary key column and the 2nd is a string. When I add a new row to the dataset to be updated back to the database. What should I do with the 1st column ? (Below I have a "1" in place for now). Also, Does the datase.AcceptChanges(); updates the changes to the database? Which command do I use to update the changes in dataset back to the Access database table? Thanks, Alpha...
C# / C Sharp
5
5045
Localization: user selectable UICulture w/ UICulture = auto
by: Samuel | last post by:
Hi, I am running into a problem of mixing UICulture = auto and allowing users to select culture using a dropdown list. I am detecting a querystring, "setlang", and when found, setting the CurrentUICulture to what's specified in the querystring. Since I want to allow UICulture auto detecting, I add UICulture = "auto" to page directive on each page.
ASP.NET
5
3278
'auto' value question..
by: maya | last post by:
at work they decided to center divs thus: body {text-align:center} #content {width: 612px; text-align:left; margin: 0 auto 0 auto; } this works fine in IE & FF, EXCEPT in FF it doesn't work if I change 'auto' to 0 for left and right margin values; I have to leave those at 'auto'.. so I would like to know what exactly means 'auto' -- what value it represents exactly (and does it apply for all elements/values you might apply 'auto' to?)
HTML / CSS
22
3085
Usage of "auto". What for?
by: nospam_news | last post by:
I currently get asked about my usage of "auto". What is it for? The keyword is clearly superflous here. In contrast to the huge majority of C/C++ developers I write definitions very explicitly like that: int main(char argc, char *argv, char *env) { try { auto Exception mainException(1); mainException.setErrNo(42);
C / C++
2
3080
Firefox and retrieving height set to "auto"
by: Piotr K | last post by:
Hi, I've encountered a strange problem with Firefox which I don't have any idea how to resolve. To the point: I've <divelement with a style "height: auto" and I want to retrieve this value ("auto") in JavaScript - however instead of getting "auto" value, I get calculated height. In IE and Opera it simply returns "auto". Any ideas how to check in Firefox if element height was set to "auto" ? I'll be grateful for any help.
Javascript
21
6358
What's the differences between REGISTER and AUTO?
by: JOYCE | last post by:
Look the subject,that's my problem! I hope someone can help me, thanks
C / C++
0
9669
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10426
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
1
10154
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
6776
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5430
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5558
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4109
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3713
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2913
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us