Support us .Net Basics C# SQL ASP.NET Aarvi MVC Slides C# Programs Subscribe Download

Unlocking the locked user accounts using a web page - Part 98

Suggested Videos
Part 95 - Implementing password reset link
Part 96 - Implementing change password page
Part 97 - Changing password by providing current password

If a user repeatedly enters the wrong password. The accounts are locked to prevent hackers from guessing passwords and making dictionary attacks. In Part 94, of this video series we have discussed about un-locking user accounts, using a SQL Server agent job.  Please watch Part 94, before proceeding with this video.



In this video, we will discuss about unlocking the locked user accounts, using a web page that lists all the locked user accounts. From this page, the help desk agent, can unlock the account by clicking a button. This is not as dangerous as running a manual update query, but still a manual process and may be in-efficient.

Stored procedure to get the information about, all the locked user accounts.
Create proc spGetAllLocakedUserAccounts
as
Begin
Select UserName, Email, LockedDateTime,
DATEDIFF(hour, LockedDateTime, GETDATE()) as HoursElapsed
from tblUsers
where IsLocked = 1
End



Add a webform, with name "AccessDenied.aspx".
<div style="font-family:Arial;">
    <h1 style="color:Red">Access Denied</h1>
</div>

Add a webform, with name "LockedAccounts.aspx". Copy and paste the following HTML on this page.
<div style="font-family:Arial">
    <asp:GridView ID="gvLockedAccounts" runat="server" AutoGenerateColumns="False">
        <Columns>
            <asp:BoundField DataField="UserName" HeaderText="User Name" />
            <asp:BoundField DataField="Email" HeaderText="Email" />
            <asp:BoundField DataField="LockedDateTime" 
                HeaderText="Locked Date &amp; Time" />
            <asp:BoundField DataField="HoursElapsed" HeaderText="Hours Elapsed" >
            <ItemStyle HorizontalAlign="Center" />
            </asp:BoundField>
            <asp:TemplateField HeaderText="Enable">
                <ItemTemplate>
                    <asp:Button ID="btnEnable" runat="server" Text="Enable" 
                    Enabled='<%#Convert.ToInt32(Eval("HoursElapsed")) > 24%>'/>
                </ItemTemplate>
            </asp:TemplateField>
        </Columns>
    </asp:GridView>
</div>

"LockedAccounts.aspx.cs" code
protected void Page_Load(object sender, EventArgs e)
{
    if (User.Identity.Name.ToLower() == "test")
    {
        if (!IsPostBack)
        {
            GetData();
        }
    }
    else
    {
        Response.Redirect("~/AccessDenied.aspx");
    }
}

private void GetData()
{
    string CS = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
    using (SqlConnection con = new SqlConnection(CS))
    {
        SqlCommand cmd = new SqlCommand("spGetAllLocakedUserAccounts", con);
        cmd.CommandType = CommandType.StoredProcedure;

        con.Open();
        gvLockedAccounts.DataSource = cmd.ExecuteReader();
        gvLockedAccounts.DataBind();
    }
}

In the next video session, we will discuss about implementing the "Enable" button.

2 comments:

  1. kudvenkat can you help me i have no idea why it kept on redirecting me to access denied page. can you help me out

    ReplyDelete




  2. "LockedAccounts.aspx.cs" code
    protected void Page_Load(object sender, EventArgs e)
    {
    if (User.Identity.Name.ToLower() == "test")


    Please see the "test" User. Only 'test' can do the Enabling.

    ReplyDelete

It would be great if you can help share these free resources