Solved

Asp.Net c# web page refresh causes invalid login attempt

Posted on 2008-10-23
5
1,044 Views
Last Modified: 2012-05-05
I am currently working on an ASP.NET c# web application.
I am using the ASP.NET website administration tool for my security.
At this time i do not have any custom HttpModules.


Everything seems to work except after i have authenticated a user and logged in, if that user refreshes his/her page a number of times the account is automatically locked out.

For now i have been going into the aspnet_Membership table to set the value for IsLockedOut to False
and the FailedPasswordAttemptCount to 0

Can somebody tell what is causing this and how to differentiate between a legitimate failed login attempt and when a user refreshes the web page?
0
Comment
Question by:dayiku
  • 3
5 Comments
 
LVL 26

Expert Comment

by:Anurag Thakur
Comment Utility
it means that the session information of the logged in user is getting lost or corrupted on page load as you said that when the user refreshes his/her page the account gets locked.
and your website admin tool has been configured to lock the user after invalid attempts for login
http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
http://msdn.microsoft.com/en-us/library/aa478949.aspx
0
 

Author Comment

by:dayiku
Comment Utility
How do i determine if the session is lost?
Is there a configuration that will prevent the loss of the session information?
I use session variables for processing user requests and so far, i have not noticed and problems with them
0
 
LVL 26

Accepted Solution

by:
Anurag Thakur earned 200 total points
Comment Utility
on login you might have set the username or id in the session
if the session is lost then you have to check Session["UserName"] != null before doing anything for that user
if you have set the user name in session then the null value indicates session is lost
0
 
LVL 26

Expert Comment

by:Anurag Thakur
Comment Utility
the ideas for the problem were provided and even after that the authors queries were answered regarding how to check for whether session is available or not
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now