Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
Is it possible to lock out admin (back office accounts) afte x amount of failed login attempts? the provider looks like it has the methods for it, but the database doesn't seem to have any lockout fields. Is this something that's actually been implemented?
Did you get anywhere with this one?
No, it doesn't look like it's been implemented. I was looking into it for similar reasons to you (security/complaince concious client). In the end we just added a captcha to the login page to stop automated login attempts, and locked the access to the /umbraco folder down with IIS to their IP address range.
Its still something I'd like to see done though, if I get any free time, I might try writing a provider that overrides the existing one and adds the functionality. As a temporary thing, it might be possible to hook into the authentication events and add something to the umbraco log, just to show failed logins. That's something else I've been toying with, but haven't got round to trying out yet! I'll let you know if I get anywhere with this.......
Hi, I know this is an old thread, but for anyone finding this from Google, I've written a package for this:
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted