i’ve developed an intranet application and implemented an custom ASP.NET Membership Provider with Forms-Authentication.

Question

0

Asked: May 22, 20262026-05-22T21:16:09+00:00 2026-05-22T21:16:09+00:00

i’ve developed an intranet application and implemented an custom ASP.NET Membership Provider with Forms-Authentication.

0

i’ve developed an intranet application and implemented an custom ASP.NET Membership Provider with Forms-Authentication. I thought it would be a good idea to log all failed login attempts in DBMS. Hence i’ve created a table with following model:

enter image description here

Now my question:

Is it good practise to store this for safety reasons or is it even forbidden due to data protection reasons(germany)? I’m storing the original passwords hashed in db but the wrong passwords(or correct pw with wrong username) in the log-table are in clear-text.

Somebody could argue that everybody with access to this table could get user’s passwords not alone for this application but for others too, because people who have forgotten their passwords (or their username) might try out others as well.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T21:16:10+00:00

Editorial Team

2026-05-22T21:16:10+00:00Added an answer on May 22, 2026 at 9:16 pm

Not a good idea for users who misspell their user ID but give the correct password!

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

i’ve developed an intranet application and implemented an custom ASP.NET Membership Provider with Forms-Authentication.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply