Here is how I get the number of failed AD login attempts in my old WebForms login app:
[Authentication.cs]
```csharp
using System.DirectoryServices.AccountManagement;

var pc = new PrincipalContext(ContextType.Domain, "blahnet.blahad.com", "dc=blahnet,dc=blahad,dc=org");
bool validated = pc.ValidateCredentials(username, password, ContextOptions.Negotiate);
var ADElement = IdentityType.SamAccountName;
// FindByIdentity returns null when no such account exists, so guard before reading the count.
var up = UserPrincipal.FindByIdentity(pc, ADElement, username);
int numberOfFailedLoginAttempts = up != null ? up.BadLogonCount : 0;
```
And here is what I have so far for authentication in my new MVC 5 login app.
[web.config]
```xml
<system.web>
  <membership defaultProvider="ADMembershipProvider">
    <providers>
      <clear />
      <add name="ADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider"
           connectionStringName="ADConnectionString"
           attributeMapUsername="SamAccountName" />
    </providers>
  </membership>
</system.web>
<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://blahnet.blahad.com:389/DC=blahnet,DC=blahad,DC=com" />
</connectionStrings>
```
[AccountController.cs]
```csharp
// The configured ActiveDirectoryMembershipProvider checks the credentials against AD.
bool validated = Membership.ValidateUser(model.UserName, model.Password);
```
With this new method, how can I get the number of failed AD login attempts like above?
Any help would be greatly appreciated.
The Membership class is generic. To get that AD-specific property of an account, my guess is you will still have to use a UserPrincipal instance of the account. BTW, if possible you can also use a product like Manage Engine's Auditing: http://www.manageengine.com/products/active-directory-audit/