In our ASP.NET app, we would like to be able to tell if anyone accesses any of our endpoints without passing our MFA.
I'm trying to investigate the possible ways to achieve this. Ultimately, this is only about knowing if the issue is happening.
Some ideas:
- Register every login attempt in a Login table (will produce a large number of database records)
- Construct a "timeline" for each user to determine if they have passed MFA, and log the timeline only if they have not passed MFA (will require a lot fewer records)
Any other ideas as to how to approach this? We are currently using Log4net in our app and it would be impractical to change logging packages.
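
The second idea above, as an added example that is not part of the original post: a per-request check that writes one log4net warning per user per time window when an authenticated request carries no MFA claim. The `amr`/`mfa` claim, the `MfaAudit` class, the `MFA_BYPASS` marker and the 15-minute window are assumptions, not details from the post.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Security.Claims;
using log4net;

public static class MfaAudit
{
    private static readonly ILog Log = LogManager.GetLogger(typeof(MfaAudit));

    // Assumption: the login flow adds an "amr" claim with value "mfa"
    // to the user's identity once the second factor has succeeded.
    private const string MfaClaimType = "amr";
    private const string MfaClaimValue = "mfa";

    // Last time each user was reported, so a user who keeps sending
    // requests produces one record per window instead of one per request.
    private static readonly ConcurrentDictionary<string, DateTime> LastReported =
        new ConcurrentDictionary<string, DateTime>();
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(15);

    // Call once per request from the app's existing per-request hook.
    // Returns true when an authenticated user reached the endpoint without MFA.
    public static bool Check(ClaimsPrincipal user, string path, DateTime utcNow)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false; // anonymous requests are left to normal authorization

        bool passedMfa = user.Claims.Any(
            c => c.Type == MfaClaimType && c.Value == MfaClaimValue);
        if (passedMfa)
            return false;

        string name = user.Identity.Name ?? "(unnamed)";
        bool report = true; // stays true when the user has no earlier entry
        LastReported.AddOrUpdate(name, utcNow, (_, last) =>
        {
            report = utcNow - last >= Window;
            return report ? utcNow : last;
        });

        if (report)
        {
            // Strip CR/LF so a crafted path cannot forge extra log lines.
            string safePath = (path ?? "").Replace("\r", "").Replace("\n", "");
            Log.WarnFormat("MFA_BYPASS user={0} path={1} at={2:o}", name, safePath, utcNow);
        }
        return true;
    }
}
```

Routing the `MFA_BYPASS` lines to their own log4net appender keeps them separate from the application log without any new database table.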
