Solved

Asp.Net c# web page refresh causes invalid login attempt

Posted on 2008-10-23
5
1,051 Views
Last Modified: 2012-05-05
I am currently working on an ASP.NET c# web application.
I am using the ASP.NET website administration tool for my security.
At this time i do not have any custom HttpModules.


Everything seems to work except after i have authenticated a user and logged in, if that user refreshes his/her page a number of times the account is automatically locked out.

For now i have been going into the aspnet_Membership table to set the value for IsLockedOut to False
and the FailedPasswordAttemptCount to 0

Can somebody tell what is causing this and how to differentiate between a legitimate failed login attempt and when a user refreshes the web page?
0
Comment
Question by:dayiku
  • 3
5 Comments
 
LVL 26

Expert Comment

by:Anurag Thakur
ID: 22796565
it means that the session information of the logged in user is getting lost or corrupted on page load as you said that when the user refreshes his/her page the account gets locked.
and your website admin tool has been configured to lock the user after invalid attempts for login
http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
http://msdn.microsoft.com/en-us/library/aa478949.aspx
0
 

Author Comment

by:dayiku
ID: 22799515
How do i determine if the session is lost?
Is there a configuration that will prevent the loss of the session information?
I use session variables for processing user requests and so far, i have not noticed and problems with them
0
 
LVL 26

Accepted Solution

by:
Anurag Thakur earned 200 total points
ID: 22802165
on login you might have set the username or id in the session
if the session is lost then you have to check Session["UserName"] != null before doing anything for that user
if you have set the user name in session then the null value indicates session is lost
0
 
LVL 26

Expert Comment

by:Anurag Thakur
ID: 23156106
the ideas for the problem were provided and even after that the authors queries were answered regarding how to check for whether session is available or not
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question