One way is to add another field to your database table that has the lockout
time that you set after the 3rd attempt to the current time.
Every time someone logs in, you check if it's been 30 minutes since the
lockout time. If the lockout time field is empty, or it's been 30 minutes,
you allow the user to login in, and clear out the field if it wasn't empty
to begin with.
"Paul" <Pa**@discussions.microsoft.com> wrote in message
news:74**********************************@microsof t.com...
I have an asp.net application using forms auth with a login window. I have
datanames and encrypted passwords in data tables and after 3 unsuccessful
user login attempts the user is directed to an access denied page. I was
just wondering if for example a user named Tom makes 3 failed login
attempts
how to lock out any future attempts by user login name Tom, say for the
next
20-30 minutes. thanks.
--
Paul G
Software engineer.