On Login Event/ScriptBlock? [UDv2.9]

Is there something in Universal Dashboard v2.9 that triggers or happens when a user logs in, so I can track a successful login, maybe even run a script block? I'm using Azure AD Auth running in an Azure App Service. I do have logs for my Azure AD app registration, which is what I have been using so far, and I can get by with those details. However, I have a separate Azure Log Analytics workspace where I send app actions (button clicks, changes the user makes). For example, the function I made to write to my custom log is Write-UDLog -User $User -Action "Update" -ActionDetails "$User Updated XYZ"

I'd like to do something like Write-UDLog -User $User -Action "Login" -ActionDetails "$User logged in from IP $IP"
But I don't know how I could run that function when a user successfully logs in, and only when they log in. Hopefully that makes sense.

Don't you have https://docs.universaldashboard.io/security/authorization/claims-based ?
If you do, just log from within that function.

So you're saying inside of
$AuthorizationPolicy = New-UDAuthorizationPolicy -Name "Policy" -Endpoint {
    param($User)
    $User.HasClaim("group", "administrator")
}

I can run cmdlets/functions for that user on login? If so, that's beautiful, and I'm angry at myself for not doing this sooner.

Well, I have not tested it, but I really don't see why it should not work.
Well, it's possible that Write-UDLog is not exposed in it, but you could use standard PowerShell for the logging if not.

Working on my dev build atm to see if I can get that to work.

@McAndersDK I think that will work. It fails with my specific function, I just get held up during the login process, but if I change the cmdlet to Get-Date|Out-File C:\login.txt it outputs to that file only when I log in, it seems. So there is probably something in my function I'll need to modify to make it work in that script block. Thanks for the assistance!

Looks like the method I'm using to get the user's IP doesn't work in that script block, as the $Request variable isn't available. @adam in the New-UDAuthorizationPolicy endpoint, is there a way to get the user's remote IP address? Nothing stood out to me in the VS Code debugging screen as far as available variables inside that script block.

There seems to be availability from the Azure AD App Registration to pass the ipaddr through the claims.


I enabled it but didn’t see it in the $ClaimsPrincipal variable. Looks like from reading their docs the application has to request those claims, they aren’t included by default?

Provide optional claims to Azure AD apps - Microsoft identity platform | Microsoft Docs

@RamonMA make a GitHub request for it :slight_smile:
so we can access the $Request from it :slight_smile:
I would say it makes perfect sense to have access to the IP in the role mapping.
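
One way to log from inside the authorization policy as suggested in the thread, written here as an added example that is not code from any poster or from Universal Dashboard: it uses only standard PowerShell and the .NET ClaimsPrincipal API, and reads the ipaddr claim only when the token actually carries one. Write-LoginAudit and the log path are hypothetical names; the example assumes $User is a ClaimsPrincipal and that the function is visible inside the endpoint's runspace.

```powershell
# Added example. Write-LoginAudit and the log path are hypothetical names.
function Write-LoginAudit {
    param(
        [Parameter(Mandatory)]
        [System.Security.Claims.ClaimsPrincipal] $User,
        [string] $Path = (Join-Path ([IO.Path]::GetTempPath()) 'ud-login-audit.log')
    )
    try {
        # 'ipaddr' is only present if the token carries it (see the optional
        # claims discussion in the thread); fall back instead of failing.
        $ipClaim = $User.FindFirst('ipaddr')
        $ip = if ($ipClaim) { $ipClaim.Value } else { 'unknown' }

        # One JSON object per line: ConvertTo-Json escapes CR/LF and quotes, so a
        # crafted claim value cannot forge extra log entries.
        $record = [ordered]@{
            time   = [DateTime]::UtcNow.ToString('o')
            user   = [string]$User.Identity.Name
            action = 'Login'
            ip     = $ip
        } | ConvertTo-Json -Compress
        Add-Content -LiteralPath $Path -Value $record -ErrorAction Stop
    }
    catch {
        # A logging failure must not fail sign-in; surface it and move on.
        Write-Warning "Login audit failed: $($_.Exception.Message)"
    }
}

# Constructed sample principal so the function can be exercised without UD or Azure AD.
$claims = [System.Security.Claims.Claim[]]@(
    [System.Security.Claims.Claim]::new([System.Security.Claims.ClaimTypes]::Name, 'alice@example.test'),
    [System.Security.Claims.Claim]::new('group', 'administrator')
)
$identity = [System.Security.Claims.ClaimsIdentity]::new($claims, 'Constructed')
$sample   = [System.Security.Claims.ClaimsPrincipal]::new($identity)
Write-LoginAudit -User $sample   # no ipaddr claim, so ip is logged as "unknown"

# In the dashboard (assumes Write-LoginAudit is visible inside the endpoint runspace):
if (Get-Command New-UDAuthorizationPolicy -ErrorAction SilentlyContinue) {
    $AuthorizationPolicy = New-UDAuthorizationPolicy -Name 'Policy' -Endpoint {
        param($User)
        Write-LoginAudit -User $User               # emits nothing to the pipeline
        $User.HasClaim('group', 'administrator')   # policy result stays the only output
    }
}
```

The thread only observed that the endpoint appeared to run at login; if it also runs on later policy evaluations, deduplicate on user and time window in the log workspace.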