Warm tip: This article is reproduced from stackoverflow.com, please click
asp.net vb.net

block input textbox for 1 hour

发布于 2020-03-29 20:58:19

I have a question that i try to solve since yesterday. I know how to block user textbox input that is simple but now i would like to do it during a specific time (1 hour). Is the case when a user enter his password more than 3 times.

It means that i need create a countdown and is the point where i am blocked. So I tried to use a Timer. But when i debug my program with a breakpoint in the method TextBoxTimer_Tick this event is never fired.

Here is some code that i did :

Private TextBoxTimer As New Timer()
Dim TextboxCompteur As Integer

Private Sub TbxUtilisateur_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) 
    Handles TbxUtilisateur.TextChanged
    AddHandler TextBoxTimer.Tick, AddressOf TextBoxTimer_Tick
    TextBoxTimer.Interval = 1000 'Every 1 seconde
    TextBoxTimer.Enabled = True
    TextboxCompteur = 10 'during 10 secondes the textbox will be blocked for test
    .
    . some other code
    .
End Sub

Protected Sub TextBoxTimer_Tick(ByVal sender As Object, ByVal e As System.EventArgs)
        TextboxCompteur -= 1
        If Not TextboxCompteur = 0 Then Exit Sub

        TextBoxTimer.Enabled = False
        TextBoxTimer.Dispose()
        RemoveHandler TextBoxTimer.Tick, AddressOf TextBoxTimer_Tick

        TbxMotDePasse.ReadOnly = False
End Sub

Maybe someone will see what i missed ? Otherwise if you have some others ideas on how deal with this i am listening

Thanks for your future answers !

Questioner
naecotor
Viewed
67
分享
Caius Jard 2020-01-31 18:18

You can't easily use a timer in a web application like this; you should instead implement a solution where you, at the time you decide to lock the user out for one hour, update a database column that locks the user out until one hour after the current time. Here is pseudo code:

bool Login(string username, string password){

  User x = DoDbLookupForUser(username)

  //user table has USERNAME, HASHEDPASSWORD, WRONGATTEMPTSCOUNTER, LOCKEDOUTUNTILDATE columns

  if x == null
    throw new UserNotFoundException

  if DateTime.Now < x.LockedOutUntilDate
    throw new UserLockedOutException

  if x.HashedPassword != Hash(password){
    x.WrongAttemptsCounter++

    if x.WrongAttemptsCounter >= 3
      x.LockedOutUntilDate = DateTime.Now.AddHours(1)

    SaveUser(x)
    throw new UserPasswordIncorrectException
  }

  x.WrongAttemptsCounter = 0;
  SaveUser(x)

  return true
}

After 3 attempts the user is locked out. They can try again after one hour. If they get it wrong again they are locked out for another hour. If you want to give them 3 attempts in an hour reset the counter to 0 when you set the date rather than on successful login. There is no need to reset the lockout date to null; as soon as it goes into the past it will be ignored. It can be handy to know if a user has ever locked themselves out and when so might as well keep the data

Related issues

1
No route matches the supplied values for HTTP POST
2
await SignInManager.PasswordSignInAsync() always results in a failure in my ASP.NET MVC project
3
Cascading (Dependent) Country State City DropDownLists using jQuery AJAX in ASP.Net MVC
4
ASP.NET Core 2.1 no HTTP/HTTPS redirection in App Engine
5
My label message won't appear after filling out login form
6
FCM (Firebase Cloud Messaging) Push Notification with Asp.Net
7
In C#, what is the difference between public, private, protected, and having no access modifier?
8
How to filter String array with integer array with LINQ by index?
9
Read a RTF File and Remove the dynamic text
10
ASP.NET Core equivalent for ASP.NET MVC BeginExecuteCore