Collecting ASP.NET authentication audit logs

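First create the necessary tables, then add the healthMonitoring section to the configuration file and enable it. Event mappings are also created for the successful and failed authentication events.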

<healthMonitoring enabled="true">
  <providers>
    <add name="MsSqlAuditWebEventProvider"
         type="System.Web.Management.SqlWebEventProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="DB_Logowanie"
         buffer="false" />
  </providers>
  <eventMappings>
    <add name="AuthenticationSuccess"
         type="System.Web.Management.WebAuthenticationSuccessAuditEvent, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add name="AuthenticationFailure"
         type="System.Web.Management.WebAuthenticationFailureAuditEvent, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </eventMappings>
  <rules>
    <add name="MsSql Auth Success Critical" eventName="AuthenticationSuccess" provider="MsSqlAuditWebEventProvider" profile="Critical" />
    <add name="MsSql Auth Failure Critical" eventName="AuthenticationFailure" provider="MsSqlAuditWebEventProvider" profile="Critical" />
  </rules>
</healthMonitoring>

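In the configuration above, buffering is deliberately disabled so that every event is stored in the database. Under genuinely high load you may need to enable buffering and set bufferMode to Critical Notification.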

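Finally, the events need to be bound to the provider. Once the settings above are applied, audit events should start appearing in the aspnet_WebEvent_Events table. Let's see what information they reveal: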

For example, a successful authentication event:

Event code: 4002
Event message: Membership credential verification succeeded.
Event time: 11/20/2013 2:13:55 PM
Event time (UTC): 11/20/2013 1:13:55 PM
Event ID: c7096dc16a26445cba2b6f67919c0a1a
Event sequence: 2300
Event occurrence: 1
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/1693641394/ROOT/logowanie-4-130294218493519428
    Trust level: Full
    Application Virtual Path: /logowanie
    Application Path: \\ASP.Net\TestApp\logowanie\
    Machine name: WEB-02

Process information:
    Process ID: 6920
    Process name: w3wp.exe
    Account name: TEST\iis_zrodla

Request information:
    Request URL: http://localhost/logowanie/logon
    Request path: /logowanie/logon
    User host address: 172.20.11.150
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: TEST\iis_zrodla

Name to authenticate: peter.null@test.pl

For example, a failed authentication event:

Event code: 4006
Event message: Membership credential verification failed.
Event time: 11/20/2013 2:20:23 PM
Event time (UTC): 11/20/2013 1:20:23 PM
Event ID: 8e1a137591ad43feb596f00a23bf5ec7
Event sequence: 4706
Event occurrence: 12
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/1693641394/ROOT/logowanie-3-130294169828149952
    Trust level: Full
    Application Virtual Path: /logowanie
    Application Path: \\ASP.Net\TestApp\logowanie\
    Machine name: WEB-17

Process information:
    Process ID: 3584
    Process name: w3wp.exe
    Account name: TEST\iis_zrodla

Request information:
    Request URL: http://localhost/logowanie/logon
    Request path: /logowanie/logon
    User host address: 172.20.11.150
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: TEST\iis_zrodla
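
One way to put these events to use is to parse the event text and flag client addresses that produce repeated 4006 failures in a short window. The following is an added example, not code from the original page. It assumes each event text has one "label: value" field per line; the function names, the threshold, the window and the sample events are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", re.M)  # label up to the first colon
AUTH_FAILURE = "4006"            # event code of the failure event shown above
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"

def parse_event(text):
    """Split one event text into {label: value}; labels absent from the text stay absent."""
    return {k.strip(): v.strip() for k, v in LINE_RE.findall(text)}

def noisy_hosts(event_texts, threshold=3, window=timedelta(minutes=5)):
    """Return {host: sorted account names} for hosts with >= threshold failures in one window."""
    times, names = defaultdict(list), defaultdict(set)
    for text in event_texts:
        ev = parse_event(text)
        if ev.get("Event code") != AUTH_FAILURE or "Event time (UTC)" not in ev:
            continue
        host = ev.get("User host address") or "unknown"
        times[host].append(datetime.strptime(ev["Event time (UTC)"], TIME_FMT))
        if ev.get("Name to authenticate"):   # not every failure event carries a name
            names[host].add(ev["Name to authenticate"])
    flagged = {}
    for host, ts in times.items():
        ts.sort()
        # Sliding window: failure number i+threshold-1 lies within `window` of failure i.
        if any(ts[i + threshold - 1] - ts[i] <= window
               for i in range(len(ts) - threshold + 1)):
            flagged[host] = sorted(names[host])
    return flagged

def make_event(code, utc, host, name=None):
    """Constructed sample in the layout shown above (not real log data)."""
    lines = [f"Event code: {code}", f"Event time (UTC): {utc}",
             "Request information:", f"    User host address: {host}", "    User:"]
    if name:
        lines.append(f"Name to authenticate: {name}")
    return "\n".join(lines)

SAMPLE = [  # constructed events; addresses come from documentation ranges
    make_event(4006, "11/20/2013 1:20:01 PM", "192.0.2.10", "alice@example.test"),
    make_event(4006, "11/20/2013 1:20:23 PM", "192.0.2.10"),
    make_event(4006, "11/20/2013 1:21:40 PM", "192.0.2.10", "bob@example.test"),
    make_event(4002, "11/20/2013 1:22:00 PM", "192.0.2.10", "bob@example.test"),
    make_event(4006, "11/20/2013 1:00:00 PM", "198.51.100.7", "carol@example.test"),
    make_event(4006, "11/20/2013 1:30:00 PM", "198.51.100.7", "carol@example.test"),
    make_event(4006, "11/20/2013 2:00:00 PM", "198.51.100.7", "carol@example.test"),
]

if __name__ == "__main__":
    print(noisy_hosts(SAMPLE))
```

Several distinct names behind one flagged address point to password spraying rather than a single user mistyping a password, and a 4002 success from the same address shortly after a burst of failures is worth reviewing first.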