Locking down access to admin /content management login

NCV MEEK asked on September 12, 2019 17:33

I am looking for some advice/best practice about how to lock down access on our live webservers. We dont want anyone to be able to access or even see the admin login page. Obviously if we did need access we could re-enable it, and we have also thought about only allowing the access from "localhost".

There seem to be a number of URLs that get to the login page (../admin, ../administration, ../CMSPages/logon.aspx, etc), and I would like to know if anyone out there has recommendations for how to do this reliably and robustly?

Thanks

Correct Answer

Brenden Kehren answered on September 12, 2019 19:56

There are a few ways you can handle this and it depends on how you have your sites setup/developed too. If you're using MVC, simply have a subdomain for the user to go to. Pretty simple, no need to obscure anything else.

If you're using portal or aspx, I'd suggest restricting access to the URL's you mention by IP address. You can also restrict it by roles, which is a standard asp.net functionality.

0 votesVote for this answer Unmark Correct answer

   Please, sign in to be able to submit a new answer.