if (Users.IsInRole(username, Users.UserTypes.User) && Settings.GetValue("AllowUserLogon") == "0") { btnLogon.Enabled = false; btnLogon.ImageUrl = "images/login_button_disabled.gif"; btnLogon.ToolTip = "The system closes ordinary user's login temporarily 。"; //系统暂时关闭普通用户登录 return; }
if (!userEnabled) { btnLogon.Enabled = false; btnLogon.ImageUrl = "images/login_button_disabled.gif"; btnLogon.ToolTip = "Your user's account number has not been forbidden or opened yet。";//Your user's account number has not been forbidden or opened yet 的用户账号已被禁用或还未开通 return; } FormsAuthentication.SetAuthCookie(username + "@" + ApplicationInfo.Name, false); Response.Redirect("default.aspx");
2.cookie
3.session
Session["times"] = (int)Session["times"] + 1
if((int)Session["times"] >= 3)
{
...
return
}
Session容易丢失并在应用程序修改或重启时会肯定丢失,
Cookie是存储在客户端的,用户手动删除Cookie就可以轻松突破限制存储在数据库用户表增加一字段,LoginCount,每次用户登入成功时,此字段+1,在登录时判断此用户的记录值,如果是3则返回失败.不要再问 此字段+1 或 如果是3则返回失败 怎么弄,学着自己在书上找.
Session
if ( (int) Session["logon times"] < 3 )
{
if ( 用户登录成功 )
{
Session.Remove("logon times");
// 授予用户适当的权限
}
else
{
Session["logon times"] = ( (int) Session["logon Times"] ) ++;
// 提示登录失败
}
}
else
{
Response.Write("您已登录三次失败,请 5 分钟后再试!");
// 你可以把 Session 设为 5 分钟过期,也可以记录第三次失败是什么时候
}这段代码不完善,楼主要自己再改,但大致就是这样。用Cookie和这个差不多
~~~~ 我的Blog:http://blog.csdn.net/quou2002
{
string username = tbUsername.Text.Trim();
string password = tbPassword.Text;
System.Data.OleDb.OleDbConnection connection = DataHandler.GetConnection();
Session["logon times"]=0 ;
if (connection == null)
{
Response.Flush();
string message = "It is unable to use the designated connection string <strong>\"" + DataHandler.ConnectionString //无法使用指定的连接字符串
+ "\"</strong> Open the database 。Whether the database route is correct(The database path is set up in Web.config file)。"; //打开数据库。请检查数据库路径是否正确(数据库路径在 Web.config 文件中设置)。
Response.Write("<font size=\"2\" face=\"Verdana\">" + message + "</font>");
Response.End();
}
else
{
connection.Close();
}
// Session["logon times"] = ( (int) Session["logon Times"] ) +1;
if ( (int) Session["logon times"] < 3 )
{
if (Users.UserExists(username, password))
{
bool userEnabled = Users.IsEnabled(username);
if (Users.IsInRole(username, Users.UserTypes.User)
&& Settings.GetValue("AllowUserLogon") == "0")
{
btnLogon.Enabled = false;
btnLogon.ImageUrl = "images/login_button_disabled.gif";
btnLogon.ToolTip = "The system closes ordinary user's login temporarily 。"; //系统暂时关闭普通用户登录
return;
}
if (!userEnabled)
{
btnLogon.Enabled = false;
btnLogon.ImageUrl = "images/login_button_disabled.gif";
btnLogon.ToolTip = "Your user's account number has not been forbidden or opened yet。";//Your user's account number has not been forbidden or opened yet 的用户账号已被禁用或还未开通
return;
} FormsAuthentication.SetAuthCookie(username + "@" + ApplicationInfo.Name, false);
Response.Redirect("default.aspx");
Session.Remove("logon times");
// 授予用户适当的权限
}
else
{
iconExclaimation.Visible = true;
iconExclaimation.ToolTip = "Wrong user name or login password "; //错误的用户名或登录密码
tbUsername.Text = "";
Session["logon times"] = ((int) Session["logon Times"]) +1;
}
//Session["logon times"] = ( (int) Session["logon Times"] ) ++;
// 提示登录失败
}
else {
Response.Write("您已登录三次失败,请 5 分钟后再试!");
// 你可以把 Session 设为 5 分钟过期,也可以记录第三次失败是什么时候
} }
我是这样写的可以吗
前者一个隐藏控件或ViewState就搞定
后者最好是数据库,较安全稳定些
当然session与cookie也可以实现
我理解是三次登录错误那么便在以后一段时间内不能登录,这样的话就在数据库里面存‘时间’
取IP地址和端口号,在服务器端用单态处理。
{
//****密码错误
LoginCount++;
}if(LoginCount>=3){//****退出程序}