I have a .NET Core Web API with custom policy-based authorization (policies that check for claims and claim values on a JWT).
I need to log (to a database) every time a user calls a Web API function, even when the authorization fails (especially on failures).
To do that I override these methods: OnActionExecuting and OnResultExecuted (because I want to log every request in one filter and, in another filter, the result of the request). But if the authorization fails, both filters are never triggered.
That's because the authorization filter runs before the other filters (and if the request is unauthorized, it short-circuits the pipeline).
So, when a user calls a method without authorization I can't log it (I'm using Serilog to write a log file on the server, and it works fine when authorization fails, but I want to log it to the database like when authorization is fine).
I tried to write some filter before or after authorization but I couldn't do it. Maybe I'm not thinking about it the right way, and it is simpler.
I read all of this, but I couldn't figure it out yet:
Asp.Net Core policy based authorization ends with 401 Unauthorized
How do you create a custom AuthorizeAttribute in ASP.NET Core?
Thanks!
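
The pipeline ordering described in the question, as an added example that is not part of the original post: middleware wraps the whole MVC filter pipeline, so it still sees the final status code when the authorization filter short-circuits. `AuditMiddleware`, `IAuditStore` and `AuditEntry` are hypothetical names, and the database write behind `IAuditStore` is assumed to be supplied by the application.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Hypothetical abstraction over the database log table (an assumption, not from the post).
public interface IAuditStore
{
    Task WriteAsync(AuditEntry entry);
}

public sealed class AuditEntry
{
    public DateTime TimestampUtc { get; set; }
    public string Method { get; set; }
    public string Path { get; set; }
    public string User { get; set; }
    public int StatusCode { get; set; }
    public bool AuthorizationFailed { get; set; }
}

// Register after UseAuthentication (so context.User is populated from the JWT)
// and before UseMvc / UseAuthorization: app.UseMiddleware<AuditMiddleware>();
public sealed class AuditMiddleware
{
    private readonly RequestDelegate _next;

    public AuditMiddleware(RequestDelegate next) => _next = next;

    // IAuditStore is resolved per request, so a scoped DbContext-backed store works.
    public async Task InvokeAsync(HttpContext context, IAuditStore store)
    {
        int status = StatusCodes.Status500InternalServerError; // recorded if _next throws
        try
        {
            await _next(context); // runs authorization, filters and the action
            status = context.Response.StatusCode;
        }
        finally
        {
            await store.WriteAsync(new AuditEntry
            {
                TimestampUtc = DateTime.UtcNow,
                Method = context.Request.Method,
                Path = context.Request.Path.Value,
                User = context.User?.Identity?.Name ?? "(anonymous)",
                StatusCode = status,
                // 401 = challenge (no or invalid token), 403 = forbid (policy not satisfied)
                AuthorizationFailed = status == StatusCodes.Status401Unauthorized
                                   || status == StatusCodes.Status403Forbidden
            });
        }
    }
}
```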