I have searched but have not found any documentation outlining the best way to log each successful or failed attempt to get an access token and store the date/time and IP of the request. Where would I be able to do this within an application?
1 Answer
Ok. It's odd that there isn't any interest in answering this question.
After some trial/error and debug tracing, I found that the ApplicationOAuthProvider, located in the Providers folder in a typical ASP.NET Web API template, contains the following:
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

        // Look the user up by the submitted credentials; null means they did not match.
        ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

        // log the authentication attempt here
        if (user == null)
        {
            // Failed attempt: the token request is rejected.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        // Successful attempt: build the identities and issue the token.
        ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
            OAuthDefaults.AuthenticationType);
        ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
            CookieAuthenticationDefaults.AuthenticationType);

        AuthenticationProperties properties = CreateProperties(user.UserName);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
        context.Validated(ticket);
        context.Request.Context.Authentication.SignIn(cookiesIdentity);
    }
I put a comment in the code to show where logging could be implemented. I hope that helps.
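One way to fill in that logging point, as an added example that is not part of the original answer or the ASP.NET template: a small helper that records the UTC time, peer IP, user name and outcome of each token request. `TokenAttemptLog`, its `Write` and `Clean` methods, the log line layout and the use of `System.Diagnostics.Trace` as the sink are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using Microsoft.Owin;

// Hypothetical helper (not part of the ASP.NET template) that records one
// token request: UTC time, peer IP, user name and outcome. Never the password.
public static class TokenAttemptLog
{
    public static void Write(IOwinRequest request, string userName, bool succeeded)
    {
        // RemoteIpAddress is the direct TCP peer. Behind a reverse proxy or load
        // balancer it is the proxy's address; only use a forwarded-for header
        // if it is set by a proxy you control.
        string ip = request.RemoteIpAddress ?? "unknown";

        string line = string.Format(
            "{0:o} token_request outcome={1} ip={2} user=\"{3}\" agent=\"{4}\"",
            DateTime.UtcNow,
            succeeded ? "success" : "failure",
            Clean(ip, 64),
            Clean(userName, 256),
            Clean(request.Headers.Get("User-Agent"), 256));

        // Trace is a stand-in sink; swap in the application's logger or a database insert.
        if (succeeded) Trace.TraceInformation(line);
        else Trace.TraceWarning(line);
    }

    // User name and headers are attacker-controlled: drop control characters
    // (CR/LF would forge log lines), neutralise quotes, and cap the length.
    private static string Clean(string value, int maxLength)
    {
        if (string.IsNullOrEmpty(value)) return "-";
        string safe = new string(value.Where(c => !char.IsControl(c)).ToArray())
            .Replace('"', '\'');
        return safe.Length <= maxLength ? safe : safe.Substring(0, maxLength);
    }
}

// Calls to place in GrantResourceOwnerCredentials:
//   inside the `if (user == null)` block, before `return;`:
//       TokenAttemptLog.Write(context.Request, context.UserName, false);
//   after `context.Validated(ticket);`:
//       TokenAttemptLog.Write(context.Request, context.UserName, true);
```

Logging the failure inside the `user == null` branch and the success after `context.Validated(ticket)` keeps the recorded outcome tied to what the provider actually returned to the client.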