Wednesday, September 23, 2015

Unlocking the locked user accounts using a web page

Suggested Videos
Part 95 - Implementing password reset link
Part 96 - Implementing change password page
Part 97 - Changing password by providing current password

If a user repeatedly enters the wrong password. The accounts are locked to prevent hackers from guessing passwords and making dictionary attacks. In Part 94, of this video series we have discussed about un-locking user accounts, using a SQL Server agent job.  Please watch Part 94, before proceeding with this video.

In this video, we will discuss about unlocking the locked user accounts, using a web page that lists all the locked user accounts. From this page, the help desk agent, can unlock the account by clicking a button. This is not as dangerous as running a manual update query, but still a manual process and may be in-efficient.

Stored procedure to get the information about, all the locked user accounts.
Create proc spGetAllLocakedUserAccounts
Select UserName, Email, LockedDateTime,
DATEDIFF(hour, LockedDateTime, GETDATE()) as HoursElapsed
from tblUsers
where IsLocked = 1

Add a webform, with name "AccessDenied.aspx".
<div style="font-family:Arial;">
    <h1 style="color:Red">Access Denied</h1>

Add a webform, with name "LockedAccounts.aspx". Copy and paste the following HTML on this page.
<div style="font-family:Arial">
    <asp:GridView ID="gvLockedAccounts" runat="server" AutoGenerateColumns="False">
            <asp:BoundField DataField="UserName" HeaderText="User Name" />
            <asp:BoundField DataField="Email" HeaderText="Email" />
            <asp:BoundField DataField="LockedDateTime" 
                HeaderText="Locked Date &amp; Time" />
            <asp:BoundField DataField="HoursElapsed" HeaderText="Hours Elapsed" >
            <ItemStyle HorizontalAlign="Center" />
            <asp:TemplateField HeaderText="Enable">
                    <asp:Button ID="btnEnable" runat="server" Text="Enable" 
                    Enabled='<%#Convert.ToInt32(Eval("HoursElapsed")) > 24%>'/>

"LockedAccounts.aspx.cs" code
protected void Page_Load(object sender, EventArgs e)
    if (User.Identity.Name.ToLower() == "test")
        if (!IsPostBack)

private void GetData()
    string CS = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
    using (SqlConnection con = new SqlConnection(CS))
        SqlCommand cmd = new SqlCommand("spGetAllLocakedUserAccounts", con);
        cmd.CommandType = CommandType.StoredProcedure;

        gvLockedAccounts.DataSource = cmd.ExecuteReader();

In the next video session, we will discuss about implementing the "Enable" button.

If you are searching life partner. your searching end with now offer free matrimonial website which offer free message, free chat, free view contact information. so register here : Free matrimonial website


Post a Comment