I wrote a Windows Authenticated ASP .NET MVC 5.0 running on IIS7 using role based security on the controllers. When not authorized the user is presented with the login window.
My boss wants all of the 401 Unauthorized errors logged to a database for auditing purposes. Log file parsing comes to mind but that sounds like looking for a needle in a haystack. There must be a better way.
I don't have a clue how to implement this and cannot even understand what information I can get to identify who is trying to connect.
Any help would be appreciated.