在配置文件中,首先需要创建必要的表格,然后添加healthMonitoring部分并启用它。还将为成功和错误身份验证事件创建事件映射。
<healthMonitoring enabled="true">
<providers>
<add name="MsSqlAuditWebEventProvider" type="System.Web.Management.SqlWebEventProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="DB_Logowanie" buffer="false" />
</providers>
<eventMappings>
<add name="AuthenticationSuccess" type="System.Web.Management.WebAuthenticationSuccessAuditEvent, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add name="AuthenticationFailure" type="System.Web.Management.WebAuthenticationFailureAuditEvent, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</eventMappings>
<rules>
<add name="MsSql Auth Success Critical" eventName="AuthenticationSuccess" provider="MsSqlAuditWebEventProvider" profile="Critical" />
<add name="MsSql Auth Failure Critical" eventName="AuthenticationFailure" provider="MsSqlAuditWebEventProvider" profile="Critical" />
</rules>
</healthMonitoring>
在上述配置中,故意禁用了缓冲,以确保所有事件都存储在数据库中。对于真正的高负载情况,您可能需要启用缓冲并将bufferMode设置为Critical Notification。
最后,需要将事件与提供程序绑定。在应用了上述设置后,审核事件应该开始出现在aspnet_WebEvent_Events表中。让看看它们揭示了哪些信息:
例如,成功身份验证事件:
Event code: 4002
Event message: Membership credential verification succeeded.
Event time: 11/20/2013 2:13:55 PM
Event time (UTC): 11/20/2013 1:13:55 PM
Event ID: c7096dc16a26445cba2b6f67919c0a1a
Event sequence: 2300
Event occurrence: 1
Event detail code: 0
应用程序信息:
Application domain: /LM/W3SVC/1693641394/ROOT/logowanie-4-130294218493519428
Trust level: Full
Application Virtual Path: /logowanie
Application Path: \\ASP.Net\TestApp\logowanie\
Machine name: WEB-02
进程信息:
Process ID: 6920
Process name: w3wp.exe
Account name:TEST\iis_zrodla
请求信息:
Request URL: http://localhost/logowanie/logon
Request path: /logowanie/logon
User host address: 172.20.11.150
User:
Is authenticated: False
Authentication Type:
Thread account name: TEST\iis_zrodla
需要验证的名称:peter.null@test.pl
例如,身份验证失败事件:
Event code: 4006
Event message: Membership credential verification failed.
Event time: 11/20/2013 2:20:23 PM
Event time (UTC): 11/20/2013 1:20:23 PM
Event ID: 8e1a137591ad43feb596f00a23bf5ec7
Event sequence: 4706
Event occurrence: 12
Event detail code: 0
应用程序信息:
Application domain: /LM/W3SVC/1693641394/ROOT/logowanie-3-130294169828149952
Trust level: Full
Application Virtual Path: /logowanie
Application Path: \\ASP.Net\TestApp\logowanie\
Machine name: WEB-17
进程信息:
Process ID: 3584
Process name: w3wp.exe
Account name: TEST\iis_zrodla
请求信息:
Request URL: http://localhost/logowanie/logon
Request path: /logowanie/logon
User host address: 172.20.11.150
User:
Is authenticated: False
Authentication Type:
Thread account name: TEST\iis_zrodla