Block User IP after 5 unsuccessful login attempts?

Question

Guys I have a simple customer login page in ASP.net (C#) which has 2 textboxes and a button, one for username and the other for password and button for submit.

Upon

Answer 1

You should log failed attempts to a table, when the number of rows in that table exceeds the failed number of login attempts you should display an error message to say the user is locked out.

When the user has regenerated their password, remove the records from the table.

Sorry, just saw your other request for the IP address. In a web application you can use the following property from the HttpContext:

HttpContext.Current.Request.UserHostAddress