Is it possible to lock out admin (back office accounts) afte x amount of failed login attempts? the provider looks like it has the methods for it, but the database doesn't seem to have any lockout fields. Is this something that's actually been implemented?
No, it doesn't look like it's been implemented. I was looking into it for similar reasons to you (security/complaince concious client). In the end we just added a captcha to the login page to stop automated login attempts, and locked the access to the /umbraco folder down with IIS to their IP address range.
Its still something I'd like to see done though, if I get any free time, I might try writing a provider that overrides the existing one and adds the functionality. As a temporary thing, it might be possible to hook into the authentication events and add something to the umbraco log, just to show failed logins. That's something else I've been toying with, but haven't got round to trying out yet! I'll let you know if I get anywhere with this.......
Admin User Account Lockout
Hi,
Is it possible to lock out admin (back office accounts) afte x amount of failed login attempts? the provider looks like it has the methods for it, but the database doesn't seem to have any lockout fields. Is this something that's actually been implemented?
Cheers,
Tim.
Hi Tim,
Did you get anywhere with this one?
Cheers,
Chris
No, it doesn't look like it's been implemented. I was looking into it for similar reasons to you (security/complaince concious client). In the end we just added a captcha to the login page to stop automated login attempts, and locked the access to the /umbraco folder down with IIS to their IP address range.
Its still something I'd like to see done though, if I get any free time, I might try writing a provider that overrides the existing one and adds the functionality. As a temporary thing, it might be possible to hook into the authentication events and add something to the umbraco log, just to show failed logins. That's something else I've been toying with, but haven't got round to trying out yet! I'll let you know if I get anywhere with this.......
:)
Hi, I know this is an old thread, but for anyone finding this from Google, I've written a package for this:
http://our.umbraco.org/projects/website-utilities/lockout-membership-provider
Cheers,
Steve
is working on a reply...