User Tracking

Introduction

At present many are using the Production URL with the same cuid (User id). There is no log maintained about the login of the user. Even when some user logs in to the system and does some changes in the contents either intentionally or accidentally, it is difficult to track it.
The proposed solution will maintain a log about the login of the user and will send the mail whenever there is an unauthorised usage

Background

The solution is a ASP.NET based web application. It does the following
1. Validates the login credential of the user. If the login attempt is successful it displays success message, if it is a failed login it throws Login Failed message. But if there are more than 3 consequetive failed attemts, then the application sends email message to the concerned user and the admin.
2.Maintains a log about the status of the login whether success or failed, time of the login along with the Userid and password supplied by the user

The code

Code:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Mail;
namespace UserTracking
{
    /// <summary>
    /// Summary description for WebForm1.
    /// </summary>
    public class WebForm1 : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.Label lblUserName;
        protected System.Web.UI.WebControls.Label lblPassword;
        protected System.Web.UI.WebControls.TextBox tbxUserName;
        protected System.Web.UI.WebControls.TextBox tbxPassword;
        protected System.Web.UI.WebControls.Button btnSubmit;
        protected System.Web.UI.WebControls.RegularExpressionValidator RegularExpressionValidator1;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
        protected System.Web.UI.WebControls.Label lblMessage;
        System.Web.Mail.MailMessage mailMessage;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.btnSubmit.Click += new System.EventHandler(this.btnSubmit_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void btnSubmit_Click(object sender, System.EventArgs e)
        {
            /*if (tbxUserName.Text== "Kalidas" && tbxPassword.Text == "Krsna")
            {
             lblMessage.Text="Hi 1";
    
            }*/
            int totAttempt = UserTracking.DBConn.fnValidate(Convert.ToInt32(tbxUserName.Text), tbxPassword.Text);
            //lblMessage.Text=totAttempt.ToString();
            if (totAttempt == 0)
            {
                lblMessage.Visible = true;
                lblMessage.Text = "Login Success";
            }
            else
            {
                if (totAttempt > 3)
                {
                    lblMessage.Visible = true;
                    lblMessage.Text = "Unauthorised Usage";
                    mailMessage = new MailMessage();

                    mailMessage.From = "kxax@Qwest.com";
                    //mailMessage.To = "[EMAIL="kalidas.a@tcs.com"]kalidas.a@tcs.com[/EMAIL] ";
                    mailMessage.To = "kalidas.a@qwest.com";

                    mailMessage.Subject = "Test subject";
                    mailMessage.BodyFormat = System.Web.Mail.MailFormat.Text;
                    mailMessage.Body = "Unauthorized User Entry ";
                    System.Web.Mail.SmtpMail.SmtpServer = "localhost";
                    System.Web.Mail.SmtpMail.Send(mailMessage);

                }
                else
                {
                    lblMessage.Visible = true;
                    lblMessage.Text = "Login Failed";
                }
            }

        }
    }
}

Code:

Alter procedure uspLoginValidation
(
	@Userid int , 
	@Password nchar(15)
	[EMAIL="--@attempt"]--@attempt[/EMAIL] int output
	[EMAIL="--@totattempt"]--@totattempt[/EMAIL] int output
)
as 

Begin
	Declare @flag bit
	if exists (Select userid,password  from tbllogin a where a.userid = @userid and a.password [EMAIL="=@password"]=@password[/EMAIL] )
	Begin
	   set @flag = 1 
	   delete tbllogin_log where userid = @Userid and  status = 0 
	end
	Else
	Begin
		set @flag = 0
	End	 
	insert into tbllogin_log select @userid , @Password, @flag , Getdate()
	--set @totattempt = (select count(status) from tbllogin_log where status = 0)
	select count(status) from tbllogin_log where status = 0 and userid = @Userid and Filetimestamp > Getdate() -30
End

 

sometimes can read many usefull information...
thanks

 

Thanks, The Pleasure is mine and shabbir too

 

Thanks:sifone:

 

i love to read it thanks buddy.

 

It was really a helpful content. Keep sharing…

 

I tried this code in my project.....but this this not showing any proper output.....