RE: Best way to monitor online user activity?

Discussion in 'ASP .Net' started by Steven Cheng[MSFT], Dec 8, 2006.

  1. Hello Matt,

    Do you mean you want to create a profile component that will log all the
    requests from each client users(to certain pages in the application)?

    Based on my experience, since you want to capture both the user identiy
    info and the page they're requesting, and also need to separate this
    profile logic from normal page code logic, I think using a custom
    HttpModule should be a good approach.

    Each page request arrive at IIS and ASP.NET runtime will be processed by an
    HttpApplication pipeline, and at the begining of the pipeline, there are
    series of httpModules that will do some preprocessing before the final
    handler that process the request. e.g. you can find those predefined
    built-in httpmodules in the global web.config(or machine.config for .net

    #each module is used for a certain service(such as SessionState,
    OutputCache, FormsAuth....)
    <add name="OutputCache"
    type="System.Web.Caching.OutputCacheModule" />
    <add name="Session"
    type="System.Web.SessionState.SessionStateModule" />
    <add name="WindowsAuthentication"
    type="System.Web.Security.WindowsAuthenticationModule" />
    <add name="FormsAuthentication"
    type="System.Web.Security.FormsAuthenticationModule" />
    <add name="PassportAuthentication"
    type="System.Web.Security.PassportAuthenticationModule" />
    <add name="RoleManager"
    type="System.Web.Security.RoleManagerModule" />
    <add name="UrlAuthorization"
    type="System.Web.Security.UrlAuthorizationModule" />
    <add name="FileAuthorization"
    type="System.Web.Security.FileAuthorizationModule" />
    <add name="AnonymousIdentification"
    type="System.Web.Security.AnonymousIdentificationModule" />
    <add name="Profile" type="System.Web.Profile.ProfileModule" />
    <add name="ErrorHandlerModule"
    type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile,
    Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

    For your scenario, you want to get the client user identity info and
    session info, you can create a custom httpmodule and configure it behind
    those built-in module. And in custom httpmodule code, you can hook the
    certain global event you want(see below msdn reference) and add the tracing
    and logging code there(you can easily get the requested path, or other
    client user info there also)

    #How To Create an ASP.NET HTTP Module Using Visual C# .NET

    #How to: Create Custom HTTP Modules

    Here is also a msdn reference introducing the ASP.ENT application's
    application life cycle:

    #ASP.NET Application Life Cycle Overview

    Hope this helps.


    Steven Cheng

    Microsoft MSDN Online Support Lead


    Get notification to my posts through email? Please refer to

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Dec 8, 2006
    1. Advertisements

  2. Hi Matt,

    Thanks for your reply.

    As for httpmodule, there are many events we can hook in it. And as
    described in the following kb article:

    * AuthenticateRequest: Call this event when a security module needs to
    authenticate the user before it processes the request.
    * AuthorizeRequest: Call this event by a security module when the request
    needs to be authorized. Called after authentication.

    these two events a good place for get the authenticated user identity info
    in httpmodule. Also, make sure you need to put your custom module after
    other authentication specific modules(like the FormsAuthenticationModule

    As for the storage, I think database should be preferred if you want the
    logged data to be persistent and read anytime from other pages. Also, for
    short term log data(such as the ASP.NET trace), we can also store it in
    memory and set a sliding window. That means, the in-memory log and only
    hold a limited number of log records and after exceed the limit, the new
    log will override the olde one.

    Hope this helps.


    Steven Cheng

    Microsoft MSDN Online Support Lead

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Dec 11, 2006
    1. Advertisements

  3. That's fine.

    good luck!


    Steven Cheng

    Microsoft MSDN Online Support Lead

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], Dec 12, 2006
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Antonio

    Monitor our web activity

    Antonio, Sep 15, 2005, in forum: ASP .Net
    Sep 15, 2005
  2. max
    Victor Bazarov
    Feb 12, 2007
  3. ScottZ
    Jorgen Grahn
    Nov 2, 2008
  4. nani
  5. Astra

    Best way to monitor a logged in user

    Astra, May 19, 2004, in forum: ASP General
    May 19, 2004

Share This Page