Security

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 15:54:23 GMT

Good stuff, mines a pint

Re: Last login date issue

SuperSharp — Fri, 09 Nov 2007 15:52:04 GMT

Hello,

I tried the database update and it was still doing the same thing. I added the code to the 'LoggingIn' event and it works perfectly! Thank you so much for all your help with this and also to you too cheetahtech :) You guys have saved me! I owe you one.

- SuperSharp

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 15:38:53 GMT

Hmm have you already logged in today as that user when testing? if so then your real last login date would be today. Have you tried it with a user that has definately not logged in today? better still go into the database and manually update the LastLoginDate column and change the year to last year and try again. We are overriding the authentication and performing it ourselves so the membership provider shouldn't have a chance to update the LastLoginDate before we put it in the session variable. If you try what I have suggested and it still doesn't work then you could try and put the lastLogindate into the session variable on the LoggingIn event, I think this may be called before the authenticate event. Do you see what I mean?

Re: Last login date issue

SuperSharp — Fri, 09 Nov 2007 15:32:25 GMT

It seems the 'LastLoginDate' is updated before we add it to the session veriable. I tried several times, and both the current 'LastLoginDate' and the session veriable we created have the same date/time.Would this mean it would need to be created before the authenticate stage? Thanks for your help on this :)

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 15:31:58 GMT

No probs I only know this because I have worked with the Membership API agains't an exisitng user database so I had no choice but to create a Custom MemberShipProvider then I wanted the UserID AND the Username to be part of the MembershipUser object so thats how I got it working.

Re: Last login date issue

cheetahtech — Fri, 09 Nov 2007 15:26:17 GMT

Wow, Thank you for that link. You learn something new everyday.

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 15:13:13 GMT

cheetahtech:
The last login records the last time the user logged in! Under stand the last login is set when the user authenticates. The last login does NOT mean the last time the user logged in and then ENDED his session. So when you see the last login, it means the last time he entered his credentials which is currently that moment in time he is logged in. As for system.web.security.membershipuser

Yes I think SuperSharp knows this but wants to display to the user the last time (before this time) that the user logged in.

cheetahtech:
This is a Wrapped DLL. Compiled code if you will. YOU Cannot change it. Also, when the system.web.security.membershiuser is called, it is a view rather than the actual table. Do you understand views? Views are prebuilt 'stored procedures' (look into it, or your site could be hacked using sql injection attacks.) in SQL that shouldn't be changed 'unless expert at work'. Views cannot be edited and updated through a SQL update statement. That means that trying to SET the membershipuser.lastlogin wont work from code behind.

You can inherit from the MembershipUser Class and extend it to add extra properties, granted you would have to create a Custom MemberShipProvider to retrieve all the extra values but it can be done. Infact in this case you could override the getuser method in your Custom Provider then call the Base class to get the membership user - which if using the default ASP membership database would query the view then you could use this information to create your inherited MemberShipUser object and return that with the extra propety as discussed in this tutorial: http://fredrik.nsquared2.com/viewpost.aspx?postid=322

cheetahtech:
As for Historic_LastloginDate, you need to create a SQL table and do this your self. This is easily done, just create another table. This should probrably have a stored procedure for it too. I sure hoope that makes more sense. Let me know if it doesn't and I try a bit harder.

Yes you could store this in a table or as above use the session object to temporarly hold the last login date, then update the extra property in the cutom membership user object.

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 15:01:52 GMT

Actually change it to this just incase the Memberhip API out of the box sets the lastlogin date after sucessful validation:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate

Dim userName As String = CType(sender, Login).UserName
Dim password As String = CType(sender, Login).Password

Dim aMembershipUser As MembershipUser = Membership.GetUser(userName)

        If Not aMembershipUser Is Nothing Then
                ' Get the real last date and store it in the session
                Dim realLastTimeloggedIn As DateTime = aMembershipUser.LastLoginDate

Session("realLastLogInTime") = realLastTimeloggedIn

               If Membership.ValidateUser(userName, password) Then
                        ' Got to set this as we are overriding the method
                        e.Authenticated = True
                        ' The lastlogin time will now be updated, but you can acess the real last logged intime
                        ' from the session variable. You could store this in the profile if you wish.
              End If
         End If
End Sub

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 14:41:01 GMT

Sorry was getting confused and thinking about the Profile API. You could store the last login date in a session variable when on the overriding authentication event like so:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate

        Dim userName As String = CType(sender, Login).UserName
        Dim password As String = CType(sender, Login).Password

If Membership.ValidateUser(userName, password) Then

                 Dim aMembershipUser As MembershipUser = Membership.GetUser(userName)
                 ' Get the real last date and store it in the session
                Dim realLastTimeloggedIn As DateTime = aMembershipUser.LastLoginDate

                Session("realLastLogInTime") = realLastTimeloggedIn
                ' Got to set this as we are overriding the method
                e.Authenticated = True
                 ' The lastlogin time will now be updated, but you can acess the real last logged intime
                ' from the session variable.
                ' You could then store this session value in the profile if you wish but do it on the LoggedInEvent as it seems
                ' you won't be able to access the profile before the user is authenticated - this is what caused your error above
                ' and if you think about it makes perfect sense.
        End If

End Sub

Let me know if this works for you.

Re: Last login date issue

cheetahtech — Fri, 09 Nov 2007 14:27:12 GMT

Oh Boy. You guys are lost.

The last login records the last time the user logged in! Under stand the last login is set when the user authenticates. The last login does NOT mean the last time the user logged in and then ENDED his session. So when you see the last login, it means the last time he entered his credentials which is currently that moment in time he is logged in. As for system.web.security.membershipuser

This is a Wrapped DLL. Compiled code if you will. YOU Cannot change it. Also, when the system.web.security.membershiuser is called, it is a view rather than the actual table. Do you understand views? Views are prebuilt 'stored procedures' (look into it, or your site could be hacked using sql injection attacks.) in SQL that shouldn't be changed 'unless expert at work'. Views cannot be edited and updated through a SQL update statement. That means that trying to SET the membershipuser.lastlogin wont work from code behind.

As for Historic_LastloginDate, you need to create a SQL table and do this your self. This is easily done, just create another table. This should probrably have a stored procedure for it too. I sure hoope that makes more sense. Let me know if it doesn't and I try a bit harder.

Re: Last login date issue

SuperSharp — Fri, 09 Nov 2007 14:14:43 GMT

This may be a silly question; how do I add the new property of 'Historic_LastLoginDate' to the membership.getuser? I have trioed adding it to the database 'aspnet_Membership' and building the website but it just doesn't recognise it...

'Error 35 'Historic_LastLoginDate' is not a member of System.Web.Security.MembershipUser'.

E.

Re: Last login date issue

scott@elbandit.co.uk — Fri, 09 Nov 2007 13:25:04 GMT

try:

Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn

           Dim dtLastLogin As String = Today()

           Membership.GetUser.Historial_LastLoginDate = Membership.GetUser.LastLoginDate

           Membership.GetUser.LastLoginDate = dtLastLogin

End Sub

Then you will be able to always get the true last login date. You could call the property something more meaningful but I think you get the idea.

Re: Last login date issue

SuperSharp — Fri, 09 Nov 2007 13:11:55 GMT

I am still getting the same issue. The problem is, after the user is logged in, the 'LastLoginDate' is updated so if I try to display it, it just shows that current login not the 'last' login. I have treid making a profile with a property 'LastLoginDate' but if I try to add to this before the user is logged in - I get the anonymous user error (as above). There must be a way around this but I just can't get it to work :(

Re: Last login date issue

scott@elbandit.co.uk — Thu, 08 Nov 2007 22:53:24 GMT

Move your code into the LoggedIn event, I am not sure if the authentication ticket is written at this point. So thats why you are getting the annoymous users error.

Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn

Dim dtLastLogin As String = Today()

Membership.GetUser.LastLoginDate = dtLastLogin

End Sub

Let me know if this helps you out.

Last login date issue

SuperSharp — Thu, 08 Nov 2007 21:25:15 GMT

Hello,

Just wondering if someone could help me on a problem I have come accross. I am trying to have a 'last log-in date' display in my members area after a user signed in. I have researched to some solutions as to how to do this but haven't had much luck. I have given it ago but I keep getting the same error with all the tests I do. Below is the code I am using to store the date in the user profiles:

    Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As AuthenticateEventArgs)

        If Login1.UserName IsNot Nothing Then
            Dim dtLastLogin As String = Today()
            If Membership.ValidateUser(Login1.UserName, Login1.Password) Then
                Profile.FirstName = "test"
                Dim userInfo As MembershipUser = Membership.GetUser(Login1.UserName)
                userInfo.LastLoginDate = dtLastLogin
                e.Authenticated = True
            End If
        End If

    End Sub

-----------------------------------------------------------------------------------------------------

This code is called from a Login control like so:

<asp:Login ID="Login1" runat="server" VisibleWhenLoggedIn="False" OnAuthenticate="Login1_Authenticate" DestinationPageUrl="~/empServices.aspx">

Here is the error I am getting:

-----------------------------------------------------------------------------------------------------

This property cannot be set for anonymous users. 
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Configuration.Provider.ProviderException: This property cannot be set for anonymous users.

Source Error: 


Line 58:         }
Line 59:         set {
Line 60:             this.SetPropertyValue("FirstName", value);
Line 61:         }
Line 62:     }
 

Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ewaassignment3\954aaa6a\cd248fcd\App_Code.-e1loqlf.0.cs    Line: 60

-----------------------------------------------------------------------------------------------------

If anyone could give me any advice or point me in the right direction, that would be great. Thanks very much.

Edd