Reputation: 952
ASP.NET Identity IP Block
I was wondering, if it is possible to implement with ASP.NET Identity an IP block, if someone tries to log in xxx times with wrong username/password. Or if now, how would you solve this? On IIS or simply by logging all login attempts to the DB and check each time someone logs in, how often he has logged in with wrong credentials and in case he exceeds the maximum, add him to a block table?
Upvotes: 0
Views: 672
Answers (1)
Reputation: 1129
If you're using IIS, you can use the approach you outline and use the IIS IP ban list as your block table. To add IP-adresses to the block list, use WMI as described here http://www.codeproject.com/Articles/4671/How-to-Programmatically-add-IP-Addresses-to-IIS-s
However, IP banning has some issues: you'll want to consider removing items from the block list after a given amount of time, multiple users may use the same external IP etc. So you probably want to set your limits pretty high, and prefer username blocking over IP blocking.
Upvotes: 1
Related Questions
- C# ASP.NET Single Sign-On Implementation
- ASP.Net Identity 2.0 AccessFailedCount not incrementing
- ASP.NET Web Site or ASP.NET Web Application?
- ASP.NET Core Web API Authentication
- ASP.Net Core Identity login status lost after deploy
- Prevent authentication bypass via response manipulation with ASP.NET Core Identity implementation
- How using try catch for exception handling is best practice
- ASP.NET Identity - HttpContext has no extension method for GetOwinContext
- Read Post Data submitted to ASP.Net Form
- How to implement custom authentication in ASP.NET MVC 5