If a user repeatedly enters the wrong password. The accounts are locked to prevent hackers from guessing passwords and making dictionary attacks.
We will discuss about unlocking the locked user accounts, using a web page that lists all the locked user accounts. From this page, the help desk agent, can unlock the account by clicking a button. This is not as dangerous as running a manual update query, but still a manual process and may be in-efficient.
Stored procedure to get the information about, all the locked user accounts.
Create proc spGetAllLocakedUserAccount
as
Begin
Select UserName, Email, LockedDateTime,
DATEDIFF(hour, LockedDateTime, GETDATE()) as HoursElapsed
from tblUsers
where IsLocked = 1
End
Add a webform, with name "AccessDenied.aspx".
<div style="font-family:Arial;">
<h1 style="color:Red">Access Denied</h1>
</div>
Add a webform, with name "LockedAccounts.aspx". Copy and paste the following HTML on this page.
<div style="font-family:Arial">
<asp:GridView ID="gvLockedAccounts" runat="server" AutoGenerateColumns="False">
<Columns>
<asp:BoundField DataField="UserName" HeaderText="User Name" />
<asp:BoundField DataField="Email" HeaderText="Email" />
<asp:BoundField DataField="LockedDateTime"
HeaderText="Locked Date & Time" />
<asp:BoundField DataField="HoursElapsed" HeaderText="Hours Elapsed" >
<ItemStyle HorizontalAlign="Center" />
</asp:BoundField>
<asp:TemplateField HeaderText="Enable">
<ItemTemplate>
<asp:Button ID="btnEnable" runat="server" Text="Enable"
Enabled='<%#Convert.ToInt32(Eval("HoursElapsed")) > 24%>'/>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
</div>
"LockedAccounts.aspx.cs" code
protected void Page_Load(object sender, EventArgs e)
{
if (User.Identity.Name.ToLower() == "test")
{
if (!IsPostBack)
{
GetData();
}
}
else
{
Response.Redirect("~/AccessDenied.aspx");
}
}
private void GetData()
{
string CS = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand cmd = new SqlCommand("spGetAllLocakedUserAccount", con);
cmd.CommandType = CommandType.StoredProcedure;
con.Open();
gvLockedAccounts.DataSource = cmd.ExecuteReader();
gvLockedAccounts.DataBind();
}
}
We will discuss about unlocking the locked user accounts, using a web page that lists all the locked user accounts. From this page, the help desk agent, can unlock the account by clicking a button. This is not as dangerous as running a manual update query, but still a manual process and may be in-efficient.
Stored procedure to get the information about, all the locked user accounts.
Create proc spGetAllLocakedUserAccount
as
Begin
Select UserName, Email, LockedDateTime,
DATEDIFF(hour, LockedDateTime, GETDATE()) as HoursElapsed
from tblUsers
where IsLocked = 1
End
Add a webform, with name "AccessDenied.aspx".
<div style="font-family:Arial;">
<h1 style="color:Red">Access Denied</h1>
</div>
Add a webform, with name "LockedAccounts.aspx". Copy and paste the following HTML on this page.
<div style="font-family:Arial">
<asp:GridView ID="gvLockedAccounts" runat="server" AutoGenerateColumns="False">
<Columns>
<asp:BoundField DataField="UserName" HeaderText="User Name" />
<asp:BoundField DataField="Email" HeaderText="Email" />
<asp:BoundField DataField="LockedDateTime"
HeaderText="Locked Date & Time" />
<asp:BoundField DataField="HoursElapsed" HeaderText="Hours Elapsed" >
<ItemStyle HorizontalAlign="Center" />
</asp:BoundField>
<asp:TemplateField HeaderText="Enable">
<ItemTemplate>
<asp:Button ID="btnEnable" runat="server" Text="Enable"
Enabled='<%#Convert.ToInt32(Eval("HoursElapsed")) > 24%>'/>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
</div>
"LockedAccounts.aspx.cs" code
protected void Page_Load(object sender, EventArgs e)
{
if (User.Identity.Name.ToLower() == "test")
{
if (!IsPostBack)
{
GetData();
}
}
else
{
Response.Redirect("~/AccessDenied.aspx");
}
}
private void GetData()
{
string CS = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand cmd = new SqlCommand("spGetAllLocakedUserAccount", con);
cmd.CommandType = CommandType.StoredProcedure;
con.Open();
gvLockedAccounts.DataSource = cmd.ExecuteReader();
gvLockedAccounts.DataBind();
}
}