Thread the request context through CheckUserCredentials so the LoginFailedEvent carries IP, user agent and request id — without it, failed logins were the one auth event useless for brute-force tracing. All four callers have the request at hand. |
||
|---|---|---|
| .. | ||
| shared | ||
| v1 | ||
| v2 | ||