I am using the asp.net login control with sql server integration. I don’t see any references anywhere to being able to log the logins and disabling logins if too many bad passwords are attempted.
Is there a VB codebehind event that can be triggered if it’s a bad username/password combo? Basically I had the idea of creating a table that logs the ip and time and whether or not the login was successful. From there I can disable the login control if a certain number of failed logins occur within a timeframe.
Here is a link to the events that the login control exposes. There’s a really good explanation for each of them:
http://msdn.microsoft.com/en-us/library/9x0hd040.aspx
Hint: LoginError event to log failures
MaxInvalidAttempts is set in the membership provider configuration: MaxInvalidPasswordAttempts
http://msdn.microsoft.com/en-us/library/system.web.security.membership.aspx