1 Replies - 920 Views - Last Post: 19 March 2019 - 02:12 AM

#1 fearfulsc2   User is offline

  • D.I.C Regular

Reputation: 18
  • View blog
  • Posts: 292
  • Joined: 25-May 16

.NET core log unauthorized attempts

Posted 18 March 2019 - 10:47 AM

Hi everyone,

I am implementing some basic windows authorization/authentication in .NET core 2.1 and I can't seem to find a way to log the authorize attribute unless I create a custom attribute that inherits from the Authorize Attribute

Is there a way for me to inject some middle-ware into the Authorize attribute so that I can do some logging for unauthorized attempts?
Is This A Good Question/Topic? 0
  • +

Replies To: .NET core log unauthorized attempts

#2 andrewsw   User is offline

  • never lube your breaks
  • member icon

Reputation: 6829
  • View blog
  • Posts: 28,318
  • Joined: 12-December 12

Re: .NET core log unauthorized attempts

Posted 19 March 2019 - 02:12 AM

You might investigate using error handling and an ExceptionFilter demonstrated here. I am assuming that an UnauthorizedAccessException is raised consistently by the authorize attribute? Check this first, otherwise error handling won't help.

Request Response logging might be another route (excuse the pun); for this you would need to check whether the full information that you want to log is available.

A third idea that occurred to me was to target where, and when, an unauthorized user is redirected, although this seems a little more invasive.

Sorry I don't have more specific advice.

But... isn't a filter (IAuthorizationFilter) the correct way to approach this? example

The example uses the OnAuthorization method; when ForbidResult is raised this seems the ideal point to log details.
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1