Click here to Skip to main content
15,891,316 members
Search within:


How to restrict a user after 3 unsuccessful attempts in login form in c# windows forms with sql server 2008
Please Sign up or sign in to vote.
1.00/5 (1 vote)
Hi my name is vishal.I have a application named:Project which has mdi parent form named:MDIParent1. I have a login form named:frmLogin. Given below is my c# code of frmLogin with sql server 2008.:
C#
using System.Data.SqlClient;
namespace Project
{
    public partial class frmLogin : Form
    {
        public frmLogin()
        {
            InitializeComponent();
        }
private void btnLogin_Click(object sender, EventArgs e)
        {
            if ((txtPassword.Text == "tuscano") && (txtUsername.Text.ToLower() == "kumar"))
            {
                MDIParent1 g = new MDIParent1();
                g.Show();
                this.Close();
            }
            else
            {
                string username = txtUsername.Text;
                string password = txtPassword.Text;
                bool validUser = ValidateUser(username, password);
                if (validUser)
                {
                    MDIParent1 m = new MDIParent1();
                    m.Show();
                    this.Close();
                }
                else
                {
                    MessageBox.Show("Invalid user name or password. Please try with another user name or password", "DRRS", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                    txtUsername.Focus();
                }
            }
        }
private bool ValidateUser(string username, string password)
        {
            bool success = false;
            SqlConnection conn = new SqlConnection("Data Source=NPD-4\\SQLEXPRESS;Initial Catalog=DRRS;Integrated Security=true");
            SqlCommand cmd = new SqlCommand();
            cmd.Connection = conn;
            cmd.CommandType = CommandType.Text;
            cmd = new SqlCommand("Select @count=Count(*) from [dbo].[User] where username=@username and password=@password", conn);
            cmd.Parameters.AddWithValue("@username", txtUsername.Text);
            cmd.Parameters.AddWithValue("@password", txtPassword.Text);
            cmd.Parameters.Add("@count", SqlDbType.Int).Direction = ParameterDirection.Output;
            conn.Open();
            cmd.ExecuteNonQuery();
            if (Convert.ToInt32(cmd.Parameters["@count"].Value) > 0)
            {
                success = true;
            }
            else
            {
                success = false;
            }
            conn.Close();
            return success;
        }

The above c# code Works with no problem at all!
However what is want is to restrict a user after 3 unsuccessful attempts(failed logins/attempts) by displaying a message box to user telling "Sorry you have tried to access application either with wrong user name or wrong password! Sorry for the trouble!". Can anyone help me/guide me on how to achieve this required result?! Can anyone help me Please! Any help/guidance in solving of this problem would be greatly appreciated!
Posted
Add a Solution

2 solutions

It should be simple: add a failure_count (or whatever) field to the user table: increment it at each failure and reset it to 0 on each successfull login. Then 
Select @count=Count(*) from [dbo].[User] where username=@username and password=@password and failure_count < 3"
should do the trick.
 
Share this answer
 
Posted
Comments
Member 10248768 17-Jul-14 1:11am    
Dear CPallini
I think that your code should do the trick! But can you show/send me sample on how to add a field(failure_count) to user table which increments upon each failure login and resets it to 0 upon each successful login from c# windows forms?

Given below is my structure of my table named:user in sql server 2008:

ColumnName DataType AllowNulls
user_first_name nvarchar(50) Yes
user_last_name nvarchar(50) Yes
username nvarchar(30) Yes
user_id(auto-increment) Int No
password nvarchar(15) Yes
user_dob date Yes
user_sex nvarchar(20) Yes
email nvarchar(50) Yes
user_type Int Yes
row_upd_date datetime Yes
created_by smallint Yes

Can you guide me/help me on how to add and implement failure_count field in table user which increments by 1 upon each failure login and resets to 0 upon successful login from c# windows forms? Reply Please?! I hope i get a reply from You!
I think you have to use Global Static int variable above btnLogin_Click e.g.,

private int static hitcount=0;
if(hitcount !=3)
{
if (validUser)
{
MDIParent1 m = new MDIParent1();
m.Show();
this.Close();
}
else
{
MessageBox.Show("Invalid user name or password. Please try with another user name or password", "DRRS", MessageBoxButtons.OK, MessageBoxIcon.Warning);
txtUsername.Focus();}
hitcount ++; }
}
else
{
MessageBox.Show("Sorry you have tried to access application either with wrong user name or wrong password! Sorry for the trouble!", "DRRS", MessageBoxButtons.OK, MessageBoxIcon.Warning);
txtUsername.Focus();
}



Under "else" block you can also save the "hitcount" in database so that if user again try to login then again by checking the hitcount on behalf of username and password we can restrict the user to login.
 
Share this answer
 
Posted
Comments
Member 10248768 17-Jul-14 0:21am    
Dear Member10950750
Thank you for replying to my question/query on such short notice.
However i cannot understand what you mean by "saving the "hitcount" in database from "else" block in order to check the hitcount on behalf of username and password to restrict his login when that particular user tries to login again after 3 failed attempts"? Should i need to include hitcount as a field in my table named:User in sql server 2008? If so tell me how to increment hitcount on each failure login of that user until 3 and reset it to 0 on successful login? Can explain it to little briefly because i cant understand what you are trying to say? Reply Please Sir?! I am waiting for your reply! I hope i get a reply from you Sir!
Adityakumar2318 6-Jun-17 8:51am    
"Saving the hitcount" means whatever you have stored in "hitcount" variable, just save to database.
Lets assume if "hitcount" contains 1, database will contain 1.
If "hitcount" contains 2, database will contain 2.
If "hitcount" contains 3, database will contain 3.

Hope it clears.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to restrict a user after 3 unsuccessful attempts in login form in C#
Windows forms - adding local users to localhost/security/logins in Microsoft SQL server management studio
how to display a message box telling he/she has exceeded her limit for today of entering into the application after 3 unsuccessful attempts by him/her in c# windows forms with sql server 2008
Adding users from visual studio 2017 windows forms to SQL server management studio
Number of unsuccessful attempts in binary search
Unsuccessful Login Attempts
SQl server Login in Windows Forms application.
Unsuccessful Login Attempts locks out all the accounts
how to open a windows form after a login form
how to pass value of variable from login form to another form which inserts that value into another table in c# windows forms with sql server 2008

Advertise
Privacy
Cookies
Terms of Use
Last Updated 16 Jul 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900