我创建的Asp.Net Mvc web应用程序w / c正在使用Windows身份验证。 我的要求是捕获并记录无效的登录尝试但不知道如何操作。试图谷歌,但没有运气。
这是我到目前为止所尝试的内容。 使用以下代码,
列出项目 它在IE中3次无效尝试后触发,但不知道如何获取用户名输入。 Global.asax中
protected void Application_EndRequest(Object sender, EventArgs e)
{
HttpContext context = HttpContext.Current;
if (context.Response.Status.Substring(0, 3).Equals("401"))
{
//Capture user name for further processing
//
context.Response.ClearContent();
context.Response.Write("You are un authorized ");
}
}
提前致谢,希望有人可以提供帮助。
答案 0 :(得分:0)
Windows已在Windows事件日志中捕获并记录无效登录尝试。使用Event Viewer
下的应用Windows Logs/Security
可以看到这一点。但我们也可以使用C#检索这些日志。
以管理员身份打开Visual Studio 并添加此代码。只是为了测试我们将获得最后10条记录。
EventLog securityLog = new EventLog("Security");
var logOnAttempts = (from log in securityLog.Entries.Cast<EventLogEntry>()
where log.EntryType==EventLogEntryType.SuccessAudit
orderby log.TimeGenerated descending
select log
).Take(10).ToList();
我上次日志的属性Message
说:
A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-21-3657345512-3965846940-1053971979-1002
Account Name: Daniel_2
Account Domain: Acer
Logon ID: 0x29058
Account Whose Credentials Were Used:
Account Name: jjjjj
Account Domain:
&#34; jjjjj&#34;是我在尝试登录页面时输入的用户名,Daniel_2是我的Windows帐户。可以通过属性ReplacementStrings
轻松提取此值。在我的情况下ReplacementStrings[5]
让我&#34; jjjjj&#34;。我认为EventLog条目的查询需要按应用程序和日期时间进行过滤,因此只有在Web应用程序部署到IIS后才会显示登录。
答案 1 :(得分:0)
最后使它工作,使用Application_EndRequest事件完全摆脱我的第一个代码。
感谢derloopkat。
Global.asax Session_Start事件的代码。
protected void Session_Start(object sender, EventArgs e)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
string currentUser = HttpContext.Current.User.Identity.Name;
Int32 expiryMin = Convert.ToInt32(ConfigurationManager.AppSettings["CacheExpirationInMinutes"]);
// call our procedure
auditLog(currentUser);
bool IsActive = accessMaintenance.IsActive(currentUser);
if (IsActive)
{
// handling if user is valid/not locked...
}
else
{
// Other handling if user is locked...
}
}
}
auditLog程序
private void auditLog(string user)
{
// Get logs from event viewer
string userName = ExtractUserAlias(user);
EventLog securityLog = new EventLog("Security");
var logOnAttempts = (
from log in securityLog.Entries.Cast<EventLogEntry>()
where log.EventID == 4625 || log.EventID== 4624 && log.ReplacementStrings[5] == userName
orderby log.TimeGenerated descending
select log
).Take(20).ToList();
//Store user logs to db if logs does not exists.
//Store in DB for reporting purposes
DataAccess db = new DataAccess();
foreach (var x in logOnAttempts)
{
string entryType = "";
switch (x.EntryType)
{
case EventLogEntryType.SuccessAudit:
entryType = "SuccessAudit";
break;
case EventLogEntryType.FailureAudit:
entryType = "FailureAudit";
break;
}
SqlCommand com = new SqlCommand();
com.CommandType = System.Data.CommandType.StoredProcedure;
com.CommandText = "Sp_LogUser";
com.Parameters.AddWithValue("@UserName", userName);
com.Parameters.AddWithValue("@EntryType", entryType);
com.Parameters.AddWithValue("@TimeGenerated", x.TimeGenerated);
com.Parameters.AddWithValue("@Details", x.Message);
db.ExecuteNonQuery(com);
}
// logic to to validate and lock user
SqlCommand com2 = new SqlCommand();
com2.CommandType = System.Data.CommandType.StoredProcedure;
com2.CommandText = "Sp_validateAndLockUser";
com2.Parameters.AddWithValue("@Username", @userName);
db.ExecuteNonQuery(com2);
}