How To Limit Login Attempts with Active Directory

4 posts, 0 answered
  1. Cameron
    42 posts
    Registered:
    27 Jul 2009
    16 Sep 2010
    Hi all - I'm trying to figure out how to limit the number of login attempts allowed and notify the admin after so many attempts. I'm using Active Directory as the membership provider.

    I've looked at this post, http://www.sitefinity.com/blogs/gabesumner/posts/10-03-04/how_to_secure_sitefinity_rsquo_s_administrative_ui.aspx, which does a great job of giving some security examples. I tried using the maxInvalidPasswordAttempts="5" in the web.config file, but I'm guessing it's not working because I'm not using Sitefinity's built-in security.

    Anyone know how to accomplish this?

    Thanks!
  2. Ivan Dimitrov
    16072 posts
    Registered:
    19 Sep 2016
    16 Sep 2010
    Hello Michael Buchsbaum,

    Membership.MaxInvalidPasswordAttempts Property is a property of the standard ASP.NET Membership provider. If your Active Directory provider is of type System.Web.Security.ActiveDirectoryMembershipProvider, you should be able to use the ActiveDirectoryMembershipProvider.MaxInvalidPasswordAttempts Property. Sitefinity is just an acceptor of the AD provider and its roles. PasswordAttempts are saved into the database through SqlCommand with parameters, and you could implement/enable this for your AD provider. ActiveDirectoryMembershipProvider inherits from the MembershipProvider class.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug is fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Cameron
    42 posts
    Registered:
    27 Jul 2009
    16 Sep 2010
    Thanks for the quick reply Ivan. I'm actually using this provider type, Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security
  4. Ivan Dimitrov
    16072 posts
    Registered:
    19 Sep 2016
    17 Sep 2010
    Hi Michael Buchsbaum,

    Our provider is only a wrapper for ActiveDirectoryMembershipProvider, which allows you to connect your AD to Sitefinity. In your database from where you get AD users you should have a table where PasswordAttempts are saved. For the provider for Active Directory, this attribute only controls the number of password answer attempts that are not valid. The directory engine itself handles password lockouts.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
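
The last reply says the directory itself handles password lockouts. As an added example (not from this thread and not Telerik's code), the PowerShell below reads the domain lockout policy that actually limits login attempts and mails an administrator when accounts lock out (event 4740 on the PDC emulator). It assumes the ActiveDirectory RSAT module, rights to read the PDC's Security log, and placeholder SMTP host and mail addresses.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and rights to read
# the Security log on the PDC emulator. Mail settings below are placeholders.
Import-Module ActiveDirectory

$SmtpServer = 'smtp.example.com'        # placeholder
$AdminMail  = 'admin@example.com'       # placeholder
$FromMail   = 'ad-lockout@example.com'  # placeholder
$LookBack   = (Get-Date).AddMinutes(-15)

# 1. Show the lockout settings the directory enforces for the domain.
$policy = Get-ADDefaultDomainPasswordPolicy
if ($policy.LockoutThreshold -eq 0) {
    Write-Warning 'LockoutThreshold is 0: accounts are never locked out.'
    # To allow 5 bad attempts (the value tried in web.config), an admin can run:
    # Set-ADDefaultDomainPasswordPolicy -Identity $policy.DistinguishedName `
    #     -LockoutThreshold 5 -LockoutObservationWindow '00:30:00' -LockoutDuration '00:30:00'
}
$policy | Format-List LockoutThreshold, LockoutObservationWindow, LockoutDuration

# 2. Collect account-lockout events (ID 4740), which are logged on the PDC emulator.
$pdc    = (Get-ADDomain).PDCEmulator
$filter = @{ LogName = 'Security'; Id = 4740; StartTime = $LookBack }
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    # Read the named fields from the event XML rather than by position.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Account = $data['TargetUserName']
        Source  = $data['TargetDomainName']   # in 4740 this field holds the caller computer
    }
}

# 3. Notify the administrator if anything locked out in the window.
if ($lockouts) {
    $body = $lockouts | Sort-Object Time | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -From $FromMail -To $AdminMail `
        -Subject "AD account lockouts since $LookBack" -Body $body
}
```

Run on a schedule matching `$LookBack`, the Source column shows which machine (for example the web server hosting the login page) submitted the failed attempts.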