I assume that you are using standard logon page for logging into CMS
Desk which can be found in ~/CMSPages/Logon.aspx
location. If so, you can add your custom code which will track number of attempts per user name (this.Login1.UserName
) in this file in Login1_LoginError
In this case you can store user name (this.Login1.UserName
), used password (this.Login1.Password
) and for example IP address of the visitor (http://forums.asp.net/p/892765/953638.aspx
) into web analytics as custom statistics:http://devnet.kentico.com/docs/devguide/creating_custom_reports.htm
You can then check the data from database whether the user exceeded number of attempts and simply you can disable the user via Kentico CMS API (set UserEnabled property of existing user [UserInfo object]):http://devnet.kentico.com/docs/devguide/managing_users.htm
Once the account is disabled, user will not be able to log in.
However, we do not recommend you to use this approach since someone could try to log in as different user and at this point such user account will be disabled.
So, I would recommend you to just send an e-mail to administrator in case someone is trying repetitively to log in as some other user with detail information (user name, password, IP address).