oqtane · sbwalker · May 5, 2022 · May 5, 2022
diff --git a/Oqtane.Client/Modules/Admin/Login/Index.razor b/Oqtane.Client/Modules/Admin/Login/Index.razor
@@ -184,7 +184,7 @@
 			var interop = new Interop(JSRuntime);
 			if (await interop.FormValid(login))
 			{
-				var user = new User { SiteId = PageState.Site.SiteId, Username = _username, Password = _password};
+				var user = new User { SiteId = PageState.Site.SiteId, Username = _username, Password = _password, LastIPAddress = SiteState.RemoteIPAddress};
 
 				if (!twofactor)
 				{

diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
@@ -327,6 +327,8 @@ public async Task<User> Login([FromBody] User user)
                     var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, true);
                     if (result.Succeeded)
                     {
+                        var LastIPAddress = user.LastIPAddress;
+
                         user = _users.GetUser(user.Username);
                         if (user.TwoFactorRequired)
                         {
@@ -353,7 +355,7 @@ public async Task<User> Login([FromBody] User user)
                                 {
                                     loginUser.IsAuthenticated = true;
                                     loginUser.LastLoginOn = DateTime.UtcNow;
-                                    loginUser.LastIPAddress = HttpContext.Connection.RemoteIpAddress.ToString();
+                                    loginUser.LastIPAddress = LastIPAddress;
                                     _users.UpdateUser(loginUser);
                                     _logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", user.Username);
                                 }

diff --git a/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs b/Oqtane.Server/Security/AutoValidateAntiforgeryTokenFilter.cs
@@ -1,21 +1,25 @@
 using System;
-using System.Diagnostics;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Antiforgery;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.AspNetCore.Mvc.ViewFeatures;
+using Microsoft.Extensions.Logging;
+using Oqtane.Shared;
 
 namespace Oqtane.Security
 {
     public class AutoValidateAntiforgeryTokenFilter : IAsyncAuthorizationFilter, IAntiforgeryPolicy
     {
         private readonly IAntiforgery _antiforgery;
+        private readonly ILogger<AutoValidateAntiforgeryTokenFilter> _filelogger;
 
-        public AutoValidateAntiforgeryTokenFilter(IAntiforgery antiforgery)
+        public AutoValidateAntiforgeryTokenFilter(IAntiforgery antiforgery, ILogger<AutoValidateAntiforgeryTokenFilter> filelogger)
         {
             _antiforgery = antiforgery;
+            _filelogger = filelogger;
         }
 
         public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
@@ -39,7 +43,7 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
                 catch
                 {
                     context.Result = new AntiforgeryValidationFailedResult();
-                    Debug.WriteLine($"Oqtane Error: AutoValidateAntiforgeryTokenFilter Failure on {context.HttpContext.Request.Path}");
+                    _filelogger.LogError(Utilities.LogMessage(this, $"AutoValidateAntiforgeryTokenFilter Failure For {context.HttpContext.Request.GetEncodedUrl()}"));
                 }
             }
         }