Monthly Archives: May 2014

tracking login history of web matrix starter site template

Posted on by

Many newer sites are allowing users to see the last time they logged onto the system as an additional security feature.

I was not able to locate any functionality built into the web matrix 3.0 starter site template that would allow a user to view their last login history.

However with a few changes to the included database and the addition of some custom ‘helper’ code I was able to add this ability to a test site. The end result is a simple page as shown below.

 

enhancing web matrix 3 starter site template to show login activity

The first change to make is to the startersite database, create a LoginHistory table with UserId,LogonDate,Result fields (note: use int, datetime,nvarchar(20)) data types. Then what follows is some code to store login details.

How the code works is as follows in the accounts folder, in the page Login.cshtml, reference a web matrix helper function you can create similar to this. Around line 40 in the page, the email variable is assigned a value email = Request.Form["email"];.

We use this variable to pass a value to a ‘helper’ routine you can create some like this:

            // Attempt to log in using provided credentials
            if (WebSecurity.Login(email, password, rememberMe)) {
                @LoginHistory.RecordLogin(@email,"logon success"); 
                Context.RedirectLocal(returnUrl);

A helper would be created something like this.

 

@helper RecordLogin(string email,string resultmessage){
<p>running recordSuccessfulLogin</p>
    //get the userid by the email parameter
    var db=Database.Open("StarterSite"); 
    var sql = "select UserId from UserProfile where Email =@0";
    //<p>the email is @email</p>

    //note a Cannot convert null to 'int' error happens if email is null because userid cannot be a null
    int userid = db.QueryValue(sql,email);
    //     <p>the userid is @userid</p>
    //
     sql = "Insert Into LogonHistory (UserId,LogonDate,Result) values ("+ @userid + ",'" +DateTime.Now.ToString()+"','"+@resultmessage+"')";
     //<p>the sql is @sql</p>
    int rows = db.Execute(sql);
    //<p>rows = @rows</p>
    /* if (rows>0){
       <p>rows added</p>  
     }
     else{<p>rows not added</p>}
      */ 
}

The code could be placed in a file named LoginHistory.cshtml in the App_Code folder.

That code would be called from the login.chtml page for example:

            // Attempt to log in using provided credentials
            if (WebSecurity.Login(email, password, rememberMe)) {
                @LoginHistory.RecordLogin(@email,"logon success"); 
                Context.RedirectLocal(returnUrl);
                
                return;
            } else {
                @LoginHistory.RecordLogin(@email,"incorrect password");
                ModelState.AddFormError("The user name or password provided is incorrect.");
                
            }

How to display the logon activity? Create another helper routine kept in the same LoginHistory.cshtml file something like below:

@helper ShowLoginActivity(string email){

var db=Database.Open("StarterSite");

var sql = "select UserId from UserProfile where Email =@0";
    //<p>the email is @email</p>

    //note a Cannot convert null to 'int' error happens if email is null because userid cannot be a null
    int userid = db.QueryValue(sql,email);

foreach (var history in db.Query("SELECT UserId,LogonDate,Result FROM LogonHistory WHERE UserId = " + @userid + " order by HistoryId desc"))
{
    int Userid = history.UserId;
    string result = history.Result;
    string LogonDate = Convert.ToString(history.LogonDate);
    <p> @LogonDate: @result</p>
}
}

The above series sample code is a starting point but needs more testing. Don’t use in production environments.