We are currently adding a lot of additional tracking to sites for one of our Pharmaceutical clients due to Part 11 Compliance.
One thing we need to do is log failed login attempts, this is easy to do for all the frontend users, but we cannot seem to find a simple way of extending the Umbraco backend login screen with this functionality.
Has anyone else come across this and implemented it or have any ideas?
Ideally we don't want to have to modify the core for obvious reasons.
I'd suggest to implement your own backoffice membership provider, inheriting from the default umbraco UsersMembershipProvider and log failed attempts in addition to validating the user.
I have just implemented very simple custom membershipprovider, to authenticate username (as email address) with external CRM if the @crmdomain.com is in the username.
If its not, then it falls back to Umbraco member validation.
What method(s) should I call to update the the failed login attempt within this logic;
public class myMembershipProvider: umbraco.providers.members.UmbracoMembershipProvider
{
public override bool ValidateUser(string username, string password)
{
if (!username.Contains("@crmaddress.com")){
if (base.ValidateUser(username, password)) {return true;}
else {return false;}
}
else{
if (externalCRM.IsValidMember(username, password) ) {
// do stuff, update CRM table etc..
return true;
} else {return false;}
}
//...
}
How can I log failed login attempts for the Umbraco backend?
Hi All,
( We are using Umbraco 4.0.x for these sites )
We are currently adding a lot of additional tracking to sites for one of our Pharmaceutical clients due to Part 11 Compliance.
One thing we need to do is log failed login attempts, this is easy to do for all the frontend users, but we cannot seem to find a simple way of extending the Umbraco backend login screen with this functionality.
Has anyone else come across this and implemented it or have any ideas?
Ideally we don't want to have to modify the core for obvious reasons.
Thanks in advance,
Chris
Hi Chris,
Could you override the the Application_OnAuthenticateRequest event in global.asax, and just log the request in a db?
Matt
I'd suggest to implement your own backoffice membership provider, inheriting from the default umbraco UsersMembershipProvider and log failed attempts in addition to validating the user.
Cheers,
/Dirk
Hi Matt & Dirk,
Thank you both for your suggestions, I will let you know which root we end up taking :)
Cheers,
Chris
I'd recommend Dirk's solution, you just need to override the ValidateUser method in umbraco.providers.UserMembershipProvider
You just need to change the class in the web.config to point to your own provider too.
I have just implemented very simple custom membershipprovider, to authenticate username (as email address) with external CRM if the @crmdomain.com is in the username.
If its not, then it falls back to Umbraco member validation.
What method(s) should I call to update the the failed login attempt within this logic;
is working on a reply...