I used the following code for checking user name and password. and I want ti block the user name after 3 invalid password attempt. what should I add in my codeing MD5CryptoServiceProvider md5hasher = new MD5CryptoServiceProvider(); Byte[] hashedDataBytes; UTF8Encoding encoder = new UTF8Encoding(); hashedDataBytes = md5hasher.ComputeHash(encoder.GetBytes(TextBox3.Text)); StringBuilder hex = new StringBuilder(hashedDataBytes.Length * 2); foreach (Byte b in hashedDataBytes) { hex.AppendFormat("{0:x2}", b); } string hash = hex.ToString(); SqlConnection con = new SqlConnection("Data Source=Shihab-PC;Initial Catalog=test;User ID=SOMETHING;Password=SOMETHINGELSE"); SqlDataAdapter ad = new SqlDataAdapter("select password from Users where UserId='" + TextBox4.Text + "'", con); DataSet ds = new DataSet(); ad.Fill(ds, "Users"); SqlDataAdapter ad2 = new SqlDataAdapter("select UserId from Users ", con); DataSet ds2 = new DataSet(); ad2.Fill(ds2, "Users"); Session["id"] = TextBox4.Text.ToString(); if ((string.Compare((ds.Tables["Users"].Rows[0][0].ToString()), hash)) == 0) { if (string.Compare(TextBox4.Text, (ds2.Tables["Users"].Rows[0][0].ToString())) == 0) { Response.Redirect("actioncust.aspx"); } else { Response.Redirect("actioncust.aspx"); } } else { Label2.Text = "Invalid Login"; } con.Close(); }