Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tim 1189 posts 2638 karma points c-trib
    Aug 31, 2010 @ 17:24
    Tim
    0

    Admin User Account Lockout

    Hi,

    Is it possible to lock out admin (back office accounts) afte x amount of failed login attempts? the provider looks like it has the methods for it, but the database doesn't seem to have any lockout fields. Is this something that's actually been implemented?

    Cheers,

     

    Tim.

     

  • Chris Houston 530 posts 957 karma points admin c-trib
    Sep 22, 2010 @ 11:06
    Chris Houston
    0

    Hi Tim,

    Did you get anywhere with this one?

    Cheers,

    Chris

  • Tim 1189 posts 2638 karma points c-trib
    Sep 23, 2010 @ 09:49
    Tim
    0

    No, it doesn't look like it's been implemented. I was looking into it for similar reasons to you (security/complaince concious client). In the end we just added a captcha to the login page to stop automated login attempts, and locked the access to the /umbraco folder down with IIS to their IP address range.

    Its still something I'd like to see done though, if I get any free time, I might try writing a provider that overrides the existing one and adds the functionality. As a temporary thing, it might be possible to hook into the authentication events and add something to the umbraco log, just to show failed logins. That's something else I've been toying with, but haven't got round to trying out yet! I'll let you know if I get anywhere with this.......

    :)

  • Steve Temple 54 posts 288 karma points MVP c-trib
    Jul 10, 2013 @ 23:39
    Steve Temple
    0

    Hi, I know this is an old thread, but for anyone finding this from Google, I've written a package for this:

    http://our.umbraco.org/projects/website-utilities/lockout-membership-provider

    Cheers,

    Steve

Please Sign in or register to post replies

Write your reply to:

Draft