<head runat="server"> <title></title> <style type="text/css"> .table { background-image: url('Images/buttonbg.png'); background-repeat: repeat; } .buttonBg { background-color: Silver; background-image: none; border-style: solid; border-width: 1; border-color: #c63 #930 #930 #c63; } .textbox_username { background: #ffffff url('images/icon_username.png') no-repeat; background-position: 1 1; padding-left: 19px; border: 1px solid #999999; border-top-color: #CCCCCC; border-left-color: #CCCCCC; color: #333333; font: 90% Verdana, Helvetica, Arial, sans-serif; font-size: 12px; height: 20px; } .textbox_password { background: #ffffff url('images/icon_password.png') no-repeat; background-position: 1 1; padding-left: 19px; border: 1px solid #999999; border-top-color: #CCCCCC; border-left-color: #CCCCCC; color: #333333; font: 90% Verdana, Helvetica, Arial, sans-serif; font-size: 12px; height: 20px; } .button { border: 1px solid #999999; border-top-color: #CCCCCC; border-left-color: #CCCCCC; background-color: white; color: #333333; font: 90% Verdana, Helvetica, Arial, sans-serif; font-size: 11px; -moz-border-radius: 3px; } </style> </head> <body> <form id="form1" runat="server"> <div> <table class="table"> <tr> <td colspan="4"> <asp:Label ID="lblUserLogOn" runat="server" Text="User Log On" Style="font-size: smaller; font-family: Verdana; font-weight: bolder;"></asp:Label> </td> </tr> <tr> <td rowspan="3"> <img src="Images/Security.PNG" style="width: 80px; height: 80px;" alt="" /> </td> <td> <asp:Label ID="lblUserName" runat="server" Text="User Name" Style="font-size: x-small; font-family: Verdana; font-weight: bold;"></asp:Label> </td> <td> <asp:TextBox ID="txtUserName" runat="server" CssClass="textbox_username" TabIndex = "1" ></asp:TextBox> </td> </tr> <tr> <td> <asp:Label ID="lblPassword" runat="server" Text="Password" Style="font-size: x-small; font-family: Verdana; font-weight: bold;"></asp:Label> </td> <td> <asp:TextBox ID="txtPassword" runat="server" CssClass="textbox_password" TabIndex = "2"></asp:TextBox> </td> </tr> <tr> <td colspan="2" style="text-align:right; padding-right:2px;"> <asp:Button ID="btnLogOn" runat="server" Text="LogOn" CssClass="buttonBg" TabIndex = "3" onclick="btnLogOn_Click"/> </td> </tr> <tr> <td colspan="3" style="text-align:right; padding-right:2px;"> <asp:Label ID="lblInvalid" runat="server" Text="Incorrect username or password." style="color:#FF0000;"></asp:Label> </td> </tr> </table> </div> </form> </body> </html>
public partial class SimpleLoginTemplate_LogOn : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { //ClearLogonCounter(); switch (btnLogOn.Enabled) { case false: break; case true: btnLogOn.Enabled = NumberOfLogonAttemps() <= 5 ? true : false; break; } } protected void btnLogOn_Click(object sender, EventArgs e) { AddOrCountLogonAttempt(); if (NumberOfLogonAttemps() > 5) { if (!lblInvalid.Text.Trim().Equals("User has been locked for 5 minutes.")) //If the attempt is > 5 Lock the user for 5 min //After that the userName cleared from the cache Cache.Insert(txtUserName.Text.Trim(), (int)Cache[txtUserName.Text.Trim()], null, DateTime.Now.AddMinutes(5), TimeSpan.Zero); lblInvalid.Text = "User has been locked for 5 minutes."; btnLogOn.Enabled = false; } else { btnLogOn.Enabled = true; switch (LogOn()) { //Clear the count if user logon correctly case true: ClearLogonCounter(); break; case false: break; } } } private bool LogOn() { lblInvalid.Text = "Incorrect username or password."; return false; } #region "Brute force protect" //http://madskristensen.net/post/Brute-force-protect-your-website.aspx private int NumberOfLogonAttemps() { if (Cache[txtUserName.Text.Trim()] == null) return 0; //txtNoOfTries.Text = Convert.ToString( Cache[txtUserName.Text.Trim()]); return (int)Cache[txtUserName.Text.Trim()]; } private void ClearLogonCounter() { if (Cache[txtUserName.Text.Trim()] != null) { Cache.Remove(txtUserName.Text.Trim()); } } private void AddOrCountLogonAttempt() { if (Cache[txtUserName.Text.Trim()] == null) { //NoAbsoluteExpiration -- item should never expire // Sliding expiration means we reset the X seconds after each request. //http://wiki.asp.net/page.aspx/655/caching-in-aspnet/ Cache.Insert(txtUserName.Text.Trim(), 1, null, System.Web.Caching.Cache.NoAbsoluteExpiration, TimeSpan.FromMinutes(1)); } else { int tries = (int)Cache[txtUserName.Text.Trim()]; Cache[txtUserName.Text.Trim()] = tries + 1; } } #endregion }
Reference:madskristensen.net
All credits goes to him.
No comments:
Post a Comment