5

On IIS my web application responds with 403 Forbidden. To troubleshoot the issue I'd like to log events of Windows Authentication.

The setup in Startup.cs is as follows:

```csharp
services.AddAuthentication(IISDefaults.AuthenticationScheme);

services.AddAuthorization(options =>
{
    options.AddPolicy("Editor", policy =>
    {
        var sid = "my-sid";
        policy.RequireRole(sid);
    });
});

services.AddMvc((options) =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});
```

Is it possible to attach any event listeners or hooks to the authentication or authorization process so that I can log what's happening?

I know that it's possible for JwtBearer middleware, see "How do I log authorization attempts in .net core".

bascoder
  • How about using a custom AuthorizationHandler and AuthorizationRequirement instead of builtin "RequireRole" and implement your logging strategy in there? – Hasan Aug 24 '18 at 14:16
  • Windows authentication is done by IIS and ASP.NET Core module passes the token to Kestrel. Thus, you won't be able to log authentication in your own code, as they execute too late in the pipeline. – Lex Li Aug 24 '18 at 16:31

0 Answers
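The custom `AuthorizationHandler` and `AuthorizationRequirement` approach suggested in the first comment, as an added example (not code from the question or from ASP.NET Core itself). The names `LoggedRoleRequirement` and `LoggedRoleHandler` are hypothetical. It logs the authorization decision only; per the second comment, the Windows authentication handshake itself happens in IIS before this code runs.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Logging;

// Hypothetical requirement: carries the role (here a group SID) the policy demands.
public class LoggedRoleRequirement : IAuthorizationRequirement
{
    public LoggedRoleRequirement(string role) => Role = role;
    public string Role { get; }
}

// Hypothetical handler: performs the same IsInRole check as RequireRole, plus log entries.
public class LoggedRoleHandler : AuthorizationHandler<LoggedRoleRequirement>
{
    private readonly ILogger<LoggedRoleHandler> _logger;

    public LoggedRoleHandler(ILogger<LoggedRoleHandler> logger) => _logger = logger;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, LoggedRoleRequirement requirement)
    {
        var identity = context.User.Identity;
        var name = identity?.Name ?? "(anonymous)";
        // Group SIDs carried by the Windows token, for comparison with the required one.
        var groups = context.User.FindAll(ClaimTypes.GroupSid).Select(c => c.Value);

        _logger.LogDebug("User {User} authenticated={Auth} scheme={Scheme} groups={Groups}",
            name, identity?.IsAuthenticated ?? false, identity?.AuthenticationType,
            string.Join(",", groups));

        if (context.User.IsInRole(requirement.Role))
        {
            _logger.LogInformation("Authorization granted: {User} is in {Role}", name, requirement.Role);
            context.Succeed(requirement);
        }
        else
        {
            // Not calling Succeed leaves the requirement unmet, so the policy fails.
            _logger.LogWarning("Authorization denied: {User} is not in {Role}", name, requirement.Role);
        }
        return Task.CompletedTask;
    }
}

// Registration in ConfigureServices, replacing policy.RequireRole(sid):
//   services.AddSingleton<IAuthorizationHandler, LoggedRoleHandler>();
//   options.AddPolicy("Editor", p => p.AddRequirements(new LoggedRoleRequirement(sid)));
```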