Solved

Asp.Net c# web page refresh causes invalid login attempt

Posted on 2008-10-23
5
1,055 Views
Last Modified: 2012-05-05
I am currently working on an ASP.NET c# web application.
I am using the ASP.NET website administration tool for my security.
At this time i do not have any custom HttpModules.


Everything seems to work except after i have authenticated a user and logged in, if that user refreshes his/her page a number of times the account is automatically locked out.

For now i have been going into the aspnet_Membership table to set the value for IsLockedOut to False
and the FailedPasswordAttemptCount to 0

Can somebody tell what is causing this and how to differentiate between a legitimate failed login attempt and when a user refreshes the web page?
0
Comment
Question by:dayiku
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 26

Expert Comment

by:Anurag Thakur
ID: 22796565
it means that the session information of the logged in user is getting lost or corrupted on page load as you said that when the user refreshes his/her page the account gets locked.
and your website admin tool has been configured to lock the user after invalid attempts for login
http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
http://msdn.microsoft.com/en-us/library/aa478949.aspx
0
 

Author Comment

by:dayiku
ID: 22799515
How do i determine if the session is lost?
Is there a configuration that will prevent the loss of the session information?
I use session variables for processing user requests and so far, i have not noticed and problems with them
0
 
LVL 26

Accepted Solution

by:
Anurag Thakur earned 200 total points
ID: 22802165
on login you might have set the username or id in the session
if the session is lost then you have to check Session["UserName"] != null before doing anything for that user
if you have set the user name in session then the null value indicates session is lost
0
 
LVL 26

Expert Comment

by:Anurag Thakur
ID: 23156106
the ideas for the problem were provided and even after that the authors queries were answered regarding how to check for whether session is available or not
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question