+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Preventing Login Abuse / Frathousing

Preventing Login Abuse / Frathousing

6 posts, 0 answered
  1. BobTabor
    BobTabor avatar
    17 posts
    Registered:
    12 Dec 2007
    16 Feb 2010
    Link to this post
    Hi, any advice on preventing two people from logging into sitefinity at the same time with the same credentials?
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    16 Feb 2010
    Link to this post
    Hello BobTabor,

    You cannot create two users with the same name, so you cannot have two users with the same credentials - username and password.

    More information at MSDN - MembershipCreateStatus Enumeration, Membership.CreateUser Method

    However, you could generate random username and password if you have some concerns.

    Greetings,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. BobTabor
    BobTabor avatar
    17 posts
    Registered:
    12 Dec 2007
    16 Feb 2010
    Link to this post
    No, I'm not talking about CREATING two identical sets of credentials.  I'm talking about two (or more) people who are using the SAME username and password to access the site.  In other words, if I'm using Sitefinity to deliver streaming video requiring a fee for membership, I want to prevent one person from sharing his username and password with the world and allowing hundreds of people from logging in at the same time.  Frathousing.

    I imagine Sitefinity doesn't do this by default.  (aMemberPro does).  But has anyone implemented this feature or is there some guidance on how one might go about doing it?
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    17 Feb 2010
    Link to this post
    Hello BobTabor,

    Below are the options that I could come up.

    • consider requiring client certificates, this is the best option.
    • IP tracking
    • generate temporarily unique security keys that an user should enter when sign up


    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  5. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    25 Feb 2010
    Link to this post
    Hey Bob,

    I gave this a quick look and found the following resources:


    This might help.

    Gabe Sumner
    Telerik | Sitefinity CMS
  6. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    26 Feb 2010
    Link to this post
    Here is another potential resource:


    This code could be added to the ~/Sitefinity/login.aspx.cs file.

    If your users aren't using this page to login, then this code would need added to whatever login control is handling authentication.

    Gabe Sumner
    Telerik | Sitefinity CMS
Register for webinar
6 posts, 0 answered