0

我在 ASP.NET 中做一个登录页面,我想在 3 次尝试失败后阻止用户并在 10 分钟后取消阻止他。我没有使用Login Control,所以我不能使用Membership Provider,所以我想到了使用Timeout。如何修改下面的代码来阻止和解除阻止用户?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using Replicon.Cryptography.SCrypt;

namespace WebApplication1
{
    public partial class SignIn : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        public class LoginAttempt {  public DateTime AttemptTime {get;set;} }
        protected void Button1_Click(object sender, EventArgs e)
        {
            String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
            using (SqlConnection con = new SqlConnection(CS))
            {

                SqlCommand cmd = new SqlCommand("select * from Users where Username=@Username", con);
                cmd.Parameters.Add("@Username", Username.Text);
                con.Open();
                SqlDataAdapter sda = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                sda.Fill(dt);
                if (dt.Rows.Count != 0)
                {
                    foreach (DataRow row in dt.Rows)
                    {
                        if (Replicon.Cryptography.SCrypt.SCrypt.Verify(Password.Text, (string)row["Password"]))
                        {  
                            Session["USERNAME "] = Username.Text;
                            Response.Redirect("~/UserHome.aspx");
                            return;
                        }

                        { lblError.Text = "Invalid Username or Password !"; }
                    }
                }


            }
        }


    }
}
4

1 回答 1

0

如果遇到错误,您可以使用会话,您需要在全局 asax 中初始化会话值

if(Session["DateTime"]==null)
{
String CS = ConfigurationManager.ConnectionStrings["MyDatabaseConnectionString1"].ConnectionString;
            using (SqlConnection con = new SqlConnection(CS))
            {

                SqlCommand cmd = new SqlCommand("select * from Users where Username=@Username", con);
                cmd.Parameters.Add("@Username", Username.Text);
                con.Open();
                SqlDataAdapter sda = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                sda.Fill(dt);





               if (dt.Rows.Count != 0)
                {
                    foreach (DataRow row in dt.Rows)
                    {
                        if (Replicon.Cryptography.SCrypt.SCrypt.Verify(Password.Text, (string)row["Password"]))
                        {  
                            Session["USERNAME "] = Username.Text;
                            Response.Redirect("~/UserHome.aspx");
                            return;
                        }

                        { lblError.Text = "Invalid Username or Password !"; }
                    }
                }
else
{
if(Convert.ToInt32(Session["errorlogin"])>3)
{
    Session["DateTime"]=DateTime.Now;
}
Session["errorlogin"]=Convert.ToInt32(Session["errorlogin"])+1;


}
}
}
于 2016-05-30T13:38:03.553 回答