Block request for multiple unsuccessful logins for a period of time

粉色の甜心 2020-11-30 05:06

I have a web site and I want to block requests from bots that attempt brute-force logins to it.

Now I'm using Session for storing lo

7条回答
  •  有刺的猬
    2020-11-30 05:31

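    Identify invalid logins by IP address (anonymous proxy). Each invalid login's IP, attempt count and attempt time are stored in Application State. Note that the X-Forwarded-For header is supplied by the client and can be forged, so key the counter on it only when the request arrives through a proxy you control.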

    Create Class InvalidLogin

    /// <summary>
    /// One tracked source of failed logins: the address it came from, when it last
    /// failed, and how many failures have been counted for it.
    /// </summary>
    public class InvalidLogin
    {
        /// <summary>Client address the failed attempts are attributed to.</summary>
        public string IP { get; set; }

        /// <summary>Timestamp of the most recent failed attempt that was recorded.</summary>
        public DateTime Attempttime { get; set; }

        /// <summary>Number of failed attempts recorded for <see cref="IP"/>.</summary>
        public int AttemptCount { get; set; }
    }
    

    Login Event

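    /// <summary>
    /// Login button handler. On a failed login it records the attempt against the client
    /// address in Application state and shows the captcha once that address has failed
    /// more than three times within the 15-minute window.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (not used).</param>
    /// <remarks>
    /// Changes from the original snippet:
    /// - The counter is keyed on REMOTE_ADDR only. HTTP_X_FORWARDED_FOR is a request header
    ///   the client controls, so keying on it lets a caller get a fresh counter on every
    ///   request or run up the counter for someone else's address.
    /// - The whole read-modify-write of the shared list happens under Application.Lock();
    ///   List&lt;T&gt; is not safe for concurrent mutation and the original locked only the
    ///   final assignment.
    /// - The timestamp is refreshed on every failure, including after the counter has
    ///   reached its cap, so continued failures keep the entry alive instead of letting it
    ///   expire 15 minutes after the fourth attempt.
    /// - Timestamps use UTC so a daylight-saving shift cannot shorten or extend the window.
    /// NOTE(review): showing the captcha only throttles if the captcha answer is verified
    /// server-side before credentials are evaluated on the next post; that check is not
    /// part of this handler. A per-address counter also does not slow attempts spread over
    /// many addresses against one account; consider a per-username counter as well.
    /// </remarks>
    protected void Login_Click(object sender, EventArgs e)
    {
        bool Testsuccessfullogin = false; // placeholder for the real credential check
        if (Testsuccessfullogin)
        {
            //Your code after successful login
            return;
        }

        // Invalid login: attribute it to the address of the TCP peer. If the site sits
        // behind a reverse proxy you operate, REMOTE_ADDR is the proxy; in that case take
        // the client address from the value that proxy appends, and only when the request
        // really came from that proxy. Never take it from the header unconditionally.
        string strIp = Request.ServerVariables["REMOTE_ADDR"];

        DateTime now = DateTime.UtcNow;
        DateTime cutoff = now.AddMinutes(-15); // entries older than this are forgotten
        bool showCaptcha = false;

        Application.Lock();
        try
        {
            var user = (List<InvalidLogin>)HttpContext.Current.Application["Users"];
            if (user == null)
            {
                // First failure since the application started: create the shared list.
                user = new List<InvalidLogin>();
                HttpContext.Current.Application["Users"] = user;
            }

            // Drop addresses whose last failure is more than 15 minutes old.
            user.RemoveAll(x => x.Attempttime < cutoff);

            var checkLogged = user.Find(x => x.IP == strIp);
            if (checkLogged == null)
            {
                user.Add(new InvalidLogin
                {
                    IP = strIp,
                    Attempttime = now,
                    AttemptCount = 1
                });
            }
            else
            {
                checkLogged.Attempttime = now;
                if (checkLogged.AttemptCount < 4)
                {
                    checkLogged.AttemptCount++; // capped at 4, as in the original
                }

                showCaptcha = checkLogged.AttemptCount > 3;
            }
        }
        finally
        {
            // Always release the application-wide lock, even if the update throws.
            Application.UnLock();
        }

        if (showCaptcha)
        {
            captcha.Visible = true;  //Showing captcha
        }
    }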
    
