Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Chris Houston 535 posts 980 karma points MVP admin c-trib
    Sep 22, 2010 @ 11:15
    Chris Houston

    How can I log failed login attempts for the Umbraco backend?

    Hi All,

    ( We are using Umbraco 4.0.x for these sites )

    We are currently adding a lot of additional tracking to sites for one of our Pharmaceutical clients due to Part 11 Compliance.

    One thing we need to do is log failed login attempts, this is easy to do for all the frontend users, but we cannot seem to find a simple way of extending the Umbraco backend login screen with this functionality.

    Has anyone else come across this and implemented it or have any ideas?

    Ideally we don't want to have to modify the core for obvious reasons.

    Thanks in advance,


  • Matt Brailsford 4124 posts 22220 karma points MVP 9x c-trib
    Sep 22, 2010 @ 11:30
    Matt Brailsford

    Hi Chris,

    Could you override the the Application_OnAuthenticateRequest event in global.asax, and just log the request in a db?


  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Sep 22, 2010 @ 11:41
    Dirk De Grave

    I'd suggest to implement your own backoffice membership provider, inheriting from the default umbraco UsersMembershipProvider and log failed attempts in addition to validating the user.




  • Chris Houston 535 posts 980 karma points MVP admin c-trib
    Sep 22, 2010 @ 13:11
    Chris Houston

    Hi Matt & Dirk,

    Thank you both for your suggestions, I will let you know which root we end up taking :)



  • Aaron Powell 1708 posts 3046 karma points c-trib
    Sep 23, 2010 @ 00:34
    Aaron Powell

    I'd recommend Dirk's solution, you just need to override the ValidateUser method in umbraco.providers.UserMembershipProvider

    You just need to change the class in the web.config to point to your own provider too.

  • keilo 568 posts 1023 karma points
    Sep 01, 2015 @ 15:15

    I have just implemented very simple custom membershipprovider, to authenticate username (as email address) with external CRM if the is in the username.

    If its not, then it falls back to Umbraco member validation.

    What method(s) should I call to update the the failed login attempt within this logic;

    public class myMembershipProvider: umbraco.providers.members.UmbracoMembershipProvider
      public override bool ValidateUser(string username, string password)
          if (!username.Contains("")){
            if (base.ValidateUser(username, password)) {return true;} 
            else  {return false;}
          if (externalCRM.IsValidMember(username, password) )  {
            // do stuff, update CRM table etc..
             return true;
           } else {return false;}
Please Sign in or register to post replies

Write your reply to: