How to Track User Login

[Mel]

I am using "windows" authentication mode. I would like to store the
username and various information when the user logs on to the website.
Any ideas?

It would be a bonus to store the logout time too but I hear that is
difficult and unreliable but if anyone knows a way to do that too I am
all ears.


(Visual Studio 2005, Asp.net 2.0, Visual Basic)

 

[Guest]

Hi Mel,
if you are using windows authentication IIS is responible for authenticating
your user. Do you allow anonymous users to access your application? If no you
can handle your login in Session_Start. Handling logout is difficult because
if user closes browser you do not receive any information about it (unless
you build some mechanism to ping application from browser in short
intervals). You also can fully believe to Session_End because it is raised
only if session is running InProc = locally in asp.net worker process.

Regards,
Ladislav

 

[Guest]

*You also cannot believe to Session_End ...

Hi Mel,
if you are using windows authentication IIS is responible for authenticating
your user. Do you allow anonymous users to access your application? If no you
can handle your login in Session_Start. Handling logout is difficult because
if user closes browser you do not receive any information about it (unless
you build some mechanism to ping application from browser in short
intervals). You also can fully believe to Session_End because it is raised
only if session is running InProc = locally in asp.net worker process.

Regards,
Ladislav

 

[Mel]

Hi Mel,
if you are using windows authentication IIS is responible for authenticating
your user. Do you allow anonymous users to access your application? If no you
can handle your login in Session_Start. Handling logout is difficult because
if user closes browser you do not receive any information about it (unless
you build some mechanism to ping application from browser in short
intervals). You also can fully believe to Session_End because it is raised
only if session is running InProc = locally in asp.net worker process.

Regards,
Ladislav

Cool. I will just add a Global.asax to my project and try adding my
code to the Session_Start procedure. I'll post the code here when I
get it finished.

 

[Mel]

Cool. I will just add a Global.asax to my project and try adding my
code to the Session_Start procedure. I'll post the code here when I
get it finished.

I successfully added the Global.asax as a new item in my Visual Studio
2005 web project. I set some session variables and then store the
user, company and session id in an access database table called "Web
User Log". I was not successful in setting the session end time; it
just wasn't possible because my session state mode is not set to
InProc so I dismissed the idea. Here is the code if anyone is
interested....
Thanks to everyone for your help.

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs when a new session is started
Session("IsDeveloper") = False

'Set session variables
If Not
IsNothing(Context.User.Identity.Name.Substring(Context.User.Identity.Name.LastIndexOf("\")
+ 1)) Then
Session("CurUser") =
Context.User.Identity.Name.Substring(Context.User.Identity.Name.LastIndexOf("\")
+ 1)
Dim CurDom As String = "DC=mydomain, DC=local"
Dim LdapSvr As String = "mydomain.local"
Dim LdapPath As String = "LDAP://" & LdapSvr & "/" &
CurDom & ""
Dim DirEnt As DirectoryEntry = New
DirectoryEntry(LdapPath)
Dim ds As DirectorySearcher = New
DirectorySearcher(DirEnt, "(sAMAccountName=" & Session("CurUser") &
")")
ds.PropertiesToLoad.Add("mail")
ds.PropertiesToLoad.Add("sn")
ds.PropertiesToLoad.Add("givenName")
ds.PropertiesToLoad.Add("company")
ds.PropertiesToLoad.Add("st")
ds.PropertiesToLoad.Add("l")
ds.PropertiesToLoad.Add("department")

Dim sr As SearchResult = ds.FindOne
Session("SN") =
sr.GetDirectoryEntry().Properties("sn").Value
Session("GivenName") =
sr.GetDirectoryEntry().Properties("givenName").Value
Session("mail") =
sr.GetDirectoryEntry().Properties("mail").Value
Session("Company") =
sr.GetDirectoryEntry().Properties("company").Value
Session("St") =
sr.GetDirectoryEntry().Properties("st").Value
Session("city") =
sr.GetDirectoryEntry().Properties("l").Value
Session("department") =
sr.GetDirectoryEntry().Properties("department").Value
End If

If UCase(Session("CurUser")) = "DEVDUDE1" Or
UCase(Session("CurUser")) = "DEVDUDE2" Then
'don't store login date/time for the web developers who
repeatedly log in and out while debugging.
Session("IsDeveloper") = True
Else
If Not Session("CurUser") Is Nothing Then
'now writing user name and login time to the WebBMQ
database Web User Log table upon new session
Dim strConn As String = "Provider=Microsoft.Jet.OLEDB.
4.0;Data Source=\myserver\webbmq.mdb;"
Dim conWebOrdNum As New
System.Data.OleDb.OleDbConnection(strConn)
Dim strIns As String = "INSERT INTO [Web User Log]
([User],[Company],[Date/Time of Entry], [Session ID]) VALUES
(?,?,?,?)"
Dim cmdIns As New
System.Data.OleDb.OleDbCommand(strIns, conWebOrdNum)
conWebOrdNum.Open()
If Session("CurUser") Is Nothing Then
Else
cmdIns.Parameters.AddWithValue("User",
Session("CurUser").ToString)
End If

If Session("Company") Is Nothing Then
Else
cmdIns.Parameters.AddWithValue("Company",
Session("Company").ToString)
End If

If Session("CurUser") Is Nothing And
Session("Company") Is Nothing Then
Else
cmdIns.Parameters.AddWithValue("Date/Time of
Entry", Now.ToString)
cmdIns.Parameters.AddWithValue("Session ID",
Session.SessionID.ToString)
End If
cmdIns.ExecuteNonQuery()
conWebOrdNum.Close()
End If
End If
End Sub

 

[Steve]

You can put that into the Session_Start event in the Global.asax. In
fact, I don't see why you can't put the logout code in the Session_End
event. The logout time may not be accurate to the minute, because of the
session timeout, but you can get it pretty close...



Steve C.
MCAD,MCSE,MCP+I,CNE,CNA,CCNA

 

[Dan Colgan]

Steve C... If the Session_End never ever ever ever fires what is the
reason? - I've not ever been able to get it to fire and my Sessionstate
mode is "Inproc"

So far I see no validity in saying you can rely on Session_End since no
one on the web has been able to answer this question consistently.

 

[George Ter-Saakov]

Never say never.
How do you know that it's never ever fires?
It does always fire but if you have a bug in the code for Session_End then
it will quietly throw an exception and be caught by ASP.NET without you
knowing. Like for example if you tried to use Response or Request objects in
Session_End code.

Might have a trace in NT Event log though...

George.

 

[bruce barker]

you can rely on session_end if you use inproc, and there are no recyle
events. check your event log for recycles.


-- bruce (sqlwork.com)

 

[Dan Colgan]

Here's the code - you tell me why it doesn't fire

<SCRIPT LANGUAGE="VBScript" RUNAT="Server">

Const strLogFilePath= "C:\Inetpub\wwwroot\AOPCTraining\session.log"

Sub Application_OnStart
Application("Start") = Now()
End Sub

Sub Session_OnStart
Session.Timeout = 1
Session("Start") = Now()

Dim objFSO, objFile
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strLogFilePath, 8, True)
Set objFSO = Nothing
objFile.WriteLine "Session: " & Session.SessionID & " started at " &
Now ()
objFile.Close
Set objFile = Nothing
End Sub

Sub Session_OnEnd
Dim objFSO, objFile
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strLogFilePath, 8, True)
Set objFSO = Nothing
objFile.WriteLine "Session: " & Session.SessionID & " ended at " & Now
()
objFile.Close
Set objFile = Nothing
End Sub

Sub Application_OnEnd
End Sub

</SCRIPT>

 

[George Ter-Saakov]

I see, I thought you talking about ASP.NET not old asp.
It's known issue with plain ASP.


Also writing into file concurrently is not a good idea,
George.

 

[Dan Colgan]

This same exact code is in my global.asax file as well and it doesn't
work there either. ASP or ASP.net doesn't seem to matter, it just
doesn't work.

It seems puzzling to me why the code which is almost word for word in
the session_start doesn't work in the session_end? -