?
Solved

Asp.Net c# web page refresh causes invalid login attempt

Posted on 2008-10-23
5
Medium Priority
?
1,059 Views
Last Modified: 2012-05-05
I am currently working on an ASP.NET c# web application.
I am using the ASP.NET website administration tool for my security.
At this time i do not have any custom HttpModules.


Everything seems to work except after i have authenticated a user and logged in, if that user refreshes his/her page a number of times the account is automatically locked out.

For now i have been going into the aspnet_Membership table to set the value for IsLockedOut to False
and the FailedPasswordAttemptCount to 0

Can somebody tell what is causing this and how to differentiate between a legitimate failed login attempt and when a user refreshes the web page?
0
Comment
Question by:dayiku
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 26

Expert Comment

by:Anurag Thakur
ID: 22796565
it means that the session information of the logged in user is getting lost or corrupted on page load as you said that when the user refreshes his/her page the account gets locked.
and your website admin tool has been configured to lock the user after invalid attempts for login
http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
http://msdn.microsoft.com/en-us/library/aa478949.aspx
0
 

Author Comment

by:dayiku
ID: 22799515
How do i determine if the session is lost?
Is there a configuration that will prevent the loss of the session information?
I use session variables for processing user requests and so far, i have not noticed and problems with them
0
 
LVL 26

Accepted Solution

by:
Anurag Thakur earned 800 total points
ID: 22802165
on login you might have set the username or id in the session
if the session is lost then you have to check Session["UserName"] != null before doing anything for that user
if you have set the user name in session then the null value indicates session is lost
0
 
LVL 26

Expert Comment

by:Anurag Thakur
ID: 23156106
the ideas for the problem were provided and even after that the authors queries were answered regarding how to check for whether session is available or not
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question