Jul 01, 2019 05:39 AM|Xing Zou|LINK
I wanna achieve this: whenever someone login his account failed for 3 times(for example input wrong password). The system will stop him from login in for 30 minutes.
If you use asp.net core Identity, you just need to enable it when you register:
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 3;
options.Lockout.AllowedForNewUsers = true;
Refer to https://github.com/aspnet/Identity/issues/1764
If you want to implement in your own approach, you could add a cloumn "IsLockedOut" (boolean) ,"AttemptCounts" (int) and "FailLoginTime" (dateTime) to your user table and while a user attemts to login just count the number of attempts if its a unsucessfull
When the count gets 3 set IslockedOut column in the table to "true" for that particular user ,reset AttemptCounts column and set current time to FailLoginTime column.So when a user login you will firstly check whether it has been 30 minutes since
FailLoginTime , if so ,set IsLockedOut to false.
You need to check "Username","Password" and "IsLockedOut" in your logic when user login.