User Tracking

naimish's Avatar author of User Tracking
This is an article on User Tracking in ASP.NET.
Rated 5.00 By 1 users

Introduction



At present many are using the Production URL with the same cuid (User id). There is no log maintained about the login of the user. Even when some user logs in to the system and does some changes in the contents either intentionally or accidentally, it is difficult to track it.
The proposed solution will maintain a log about the login of the user and will send the mail whenever there is an unauthorised usage

Background



The solution is a ASP.NET based web application. It does the following
1. Validates the login credential of the user. If the login attempt is successful it displays success message, if it is a failed login it throws Login Failed message. But if there are more than 3 consequetive failed attemts, then the application sends email message to the concerned user and the admin.
2.Maintains a log about the status of the login whether success or failed, time of the login along with the Userid and password supplied by the user

The code



Code: CSharp
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Mail;
namespace UserTracking
{
    /// <summary>
    /// Summary description for WebForm1.
    /// </summary>
    public class WebForm1 : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.Label lblUserName;
        protected System.Web.UI.WebControls.Label lblPassword;
        protected System.Web.UI.WebControls.TextBox tbxUserName;
        protected System.Web.UI.WebControls.TextBox tbxPassword;
        protected System.Web.UI.WebControls.Button btnSubmit;
        protected System.Web.UI.WebControls.RegularExpressionValidator RegularExpressionValidator1;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
        protected System.Web.UI.WebControls.Label lblMessage;
        System.Web.Mail.MailMessage mailMessage;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.btnSubmit.Click += new System.EventHandler(this.btnSubmit_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void btnSubmit_Click(object sender, System.EventArgs e)
        {
            /*if (tbxUserName.Text== "Kalidas" && tbxPassword.Text == "Krsna")
            {
             lblMessage.Text="Hi 1";
   
            }*/

            int totAttempt = UserTracking.DBConn.fnValidate(Convert.ToInt32(tbxUserName.Text), tbxPassword.Text);
            //lblMessage.Text=totAttempt.ToString();
            if (totAttempt == 0)
            {
                lblMessage.Visible = true;
                lblMessage.Text = "Login Success";
            }
            else
            {
                if (totAttempt > 3)
                {
                    lblMessage.Visible = true;
                    lblMessage.Text = "Unauthorised Usage";
                    mailMessage = new MailMessage();

                    mailMessage.From = "kxax@Qwest.com";
                    //mailMessage.To = "[EMAIL="kalidas.a@tcs.com"]kalidas.a@tcs.com[/EMAIL] ";
                    mailMessage.To = "kalidas.a@qwest.com";

                    mailMessage.Subject = "Test subject";
                    mailMessage.BodyFormat = System.Web.Mail.MailFormat.Text;
                    mailMessage.Body = "Unauthorized User Entry ";
                    System.Web.Mail.SmtpMail.SmtpServer = "localhost";
                    System.Web.Mail.SmtpMail.Send(mailMessage);

                }
                else
                {
                    lblMessage.Visible = true;
                    lblMessage.Text = "Login Failed";
                }
            }

        }
    }
}
Code:
Alter procedure uspLoginValidation
(
	@Userid int , 
	@Password nchar(15)
	--@attempt int output
	--@totattempt int output
)
as 

Begin
	Declare @flag bit
	if exists (Select userid,password  from tbllogin a where a.userid = @userid and a.password =@password )
	Begin
	   set @flag = 1 
	   delete tbllogin_log where userid = @Userid and  status = 0 
	end
	Else
	Begin
		set @flag = 0
	End	 
	insert into tbllogin_log select @userid , @Password, @flag , Getdate()
	--set @totattempt = (select count(status) from tbllogin_log where status = 0)
	select count(status) from tbllogin_log where status = 0 and userid = @Userid and Filetimestamp > Getdate() -30
End
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Nominate this article for Article of the month - Jul 2009
dasli's Avatar
Go4Expert Member
sometimes can read many usefull information...
thanks
naimish like this
naimish's Avatar
Banned
Thanks, The Pleasure is mine and shabbir too
szoasis's Avatar, Join Date: Nov 2010
Light Poster
Thanks
mukeshsoftona's Avatar
Banned
i love to read it thanks buddy.
It was really a helpful content. Keep sharing…

Last edited by shabbir; 3May2012 at 14:16.. Reason: Confine Links to Signatures
deonrock's Avatar, Join Date: Jan 2013
Newbie Member
I tried this code in my project.....but this this not showing any proper output.....