0

I'm adding ASP.Net Identity to an existing site and I need to be able to record in an audit trail when a user signs in and signs out.

Are there any events or methods that I can override that are triggered when a user successfully signs in or out but not for every time they request a page during a session? This also includes when a user session expires and they are automatically signed out.

The site has a requirement to support both local users and Windows Integrated Authentication (there are multiple deployments and it is selectable by the customer) so I either need something that works for both types of authentication or a separate ways for each.

The site uses Web Forms, asmx web services and WebAPI services so it needs to be compatible for all of these although initial login is always through a form on a web page.

Edit: I found this https://stackoverflow.com/a/24399919/1093406 showing the use of ICookieAuthenticationProvider.ValidateIdentity but this looks to be every time the user makes a request instead of just the initial logon; it also doesn't work for Windows Integrated Authentication.

Community
  • 1
  • 1
Mog0
  • 1,689
  • 1
  • 16
  • 40
  • ASP.NET Identity 2 does not have any built-in functionality for recording user activities. this link maybe useful [Implementing Audit Trail using Entity Framework Part -1](http://forums.asp.net/t/1928997.aspx?Implementing+an+Audit+module+for+my+asp+net+mvc+web+application). – Mohsen Esmailpour Apr 21 '15 at 11:54
  • 1
    As far as I know there are no events that you use. Can't you create a log entry in the code that handles the login web page? – Rui Apr 21 '15 at 12:13
  • @Rui This would work for the local user case, but there isn't a login page for Windows Integrated Authentication. I was also hoping for something that was a bit more integrated so that if, in the future a need for a login via WebAPI was implemented, it would just work without needing to duplicate the audit call in the new method. – Mog0 Apr 21 '15 at 12:22
  • 1
    Can you not just override the Sign in methods in ApplicationSignInManager, such as ```public override Task PasswordSignInAsync(string userName, string password, bool isPersistent, bool shouldLockout)```? – Underscore Apr 21 '15 at 14:49

0 Answers0