I want save users's IPs and activity in a table named logPublic,I want when a unAthenticated user try to access a speacial folder e.g Admin folder i can add a record in logpublic table that it have some fields for e,g : ID,IP,Activity,datetime .after that
unathenticated user will be lock utomatically.what your suggestion ? I want do this by session?what mode i use for sesion?..
I dont think session mode will be dependant on the requirement.
You can handle the pageload for the masterpage of your admin pages, in it you may chech whether the user is authenticated. If not, then you may save some value in session (say Session["IsBlocked"] = "true";)
On other pages, if the value if Session["IsBlocked"] is true, then redirect the user to some other page.
The checking of Session["IsBlocked"] can be handled in an HTTP Module as well.
Marked as answer by nazlin on Dec 21, 2011 12:06 PM
I use below code in Load_Pge Event of masterpage in Admin folder:
public partial class Admin : System.Web.UI.MasterPage
{
protected void Page_Load(object sender, EventArgs e)
{
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
Session["IsBlocked"] = true;
string ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
HttpContext.Current.Session["UserIP"] = ip;
HttpContext.Current.Session["Activity"] = HttpContext.Current.Request.Url;
HttpContext.Current.Session["DateTime"] = System.DateTime.Now;
}
else
{
if(! HttpContext.Current.User.IsInRole("Admin"))
{
Session["BlockUser"] = true;
string ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
HttpContext.Current.Session["UserIP"] = ip;
}
}
}
}
}
and use http module as shown following
namespace StoreProject.Data
{
public class CustomSecurityModule :IHttpModule
{
storedbEntities StoreEnt = new storedbEntities();
public void Dispose()
{
throw new NotImplementedException();
}
public void Init(HttpApplication context)
{
//throw new NotImplementedException();
context.BeginRequest += new EventHandler(this.app_DoSecuriy);
}
private void app_DoSecuriy(object sender, EventArgs e)
{
if (System.Convert.ToBoolean(HttpContext.Current.Session["BlockUser"]) )
{
logPrivate Log = new logPrivate()
{
Username = HttpContext.Current.User.Identity.Name,
IP = HttpContext.Current.Session["UserIP"] .ToString(),
Enter = System.DateTime.Now,
};
StoreEnt.logPrivates.AddObject(Log);
StoreEnt.SaveChanges();
HttpContext.Current.Response.Redirect("~/UnAuthorizedAccess.aspx");
}
else if( System.Convert.ToBoolean( HttpContext.Current.Session["IsBlocked"] ))
{
LogPublic newLog = new LogPublic()
{
IP = HttpContext.Current.Session["UserIP"].ToString(),
Activity = HttpContext.Current.Session["Activity"].ToString(),
Enter = Convert.ToDateTime(HttpContext.Current.Session["DateTime"]),
};
StoreEnt.LogPublics.AddObject(newLog);
StoreEnt.SaveChanges();
HttpContext.Current.Response.Redirect("~/UnAuthorizedAccess.aspx");
}
}
}
but when i run my application website ,i dont have any record in LogPublic table or logPrivate table when i want visit a page in Admin Folder
please guide me
nazlin
Member
135 Points
173 Posts
how can i save users's IPs and activity in a table by session
Dec 21, 2011 11:44 AM|LINK
hi dears,
I want save users's IPs and activity in a table named logPublic,I want when a unAthenticated user try to access a speacial folder e.g Admin folder i can add a record in logpublic table that it have some fields for e,g : ID,IP,Activity,datetime .after that unathenticated user will be lock utomatically.what your suggestion ? I want do this by session?what mode i use for sesion?..
please help me
thanks alot
uniservice3
Participant
982 Points
209 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 21, 2011 11:47 AM|LINK
salam nazlin khanom az code zir estefade kon baraye zakhire kardan IP karbaran ;)
prabodhm
Participant
958 Points
232 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 21, 2011 11:49 AM|LINK
I dont think session mode will be dependant on the requirement.
You can handle the pageload for the masterpage of your admin pages, in it you may chech whether the user is authenticated. If not, then you may save some value in session (say Session["IsBlocked"] = "true";)
On other pages, if the value if Session["IsBlocked"] is true, then redirect the user to some other page.
The checking of Session["IsBlocked"] can be handled in an HTTP Module as well.
nazlin
Member
135 Points
173 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 21, 2011 11:57 AM|LINK
salam
mamnon az javabi ke dadi :)
nazlin
Member
135 Points
173 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 21, 2011 12:04 PM|LINK
Hi Prabodhm,
I try to do your solution.how can i handle session["IsBlock"] in http handler,what thing i chack in HTTPModal?please tell me a sample
thanks for reply
prabodhm
Participant
958 Points
232 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 21, 2011 12:17 PM|LINK
For details of HTTPModules and HTTPHandlers refer: http://www.codeguru.com/csharp/.net/net_asp/article.php/c19389
You can use BeginRequest method of the Module, and check for Session["IsBlocked"], if the value is true, then redirect the user to some other page.
prabodhm
Participant
958 Points
232 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 21, 2011 12:19 PM|LINK
You may also check: http://www.codeproject.com/KB/session/SessionTrace.aspx
nazlin
Member
135 Points
173 Posts
Re: how can i save users's IPs and activity in a table by session
Dec 22, 2011 09:21 AM|LINK
I use below code in Load_Pge Event of masterpage in Admin folder:
public partial class Admin : System.Web.UI.MasterPage { protected void Page_Load(object sender, EventArgs e) { if (!HttpContext.Current.User.Identity.IsAuthenticated) { Session["IsBlocked"] = true; string ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"]; HttpContext.Current.Session["UserIP"] = ip; HttpContext.Current.Session["Activity"] = HttpContext.Current.Request.Url; HttpContext.Current.Session["DateTime"] = System.DateTime.Now; } else { if(! HttpContext.Current.User.IsInRole("Admin")) { Session["BlockUser"] = true; string ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"]; HttpContext.Current.Session["UserIP"] = ip; } } } } } and use http module as shown followingnamespace StoreProject.Data { public class CustomSecurityModule :IHttpModule { storedbEntities StoreEnt = new storedbEntities(); public void Dispose() { throw new NotImplementedException(); } public void Init(HttpApplication context) { //throw new NotImplementedException(); context.BeginRequest += new EventHandler(this.app_DoSecuriy); } private void app_DoSecuriy(object sender, EventArgs e) { if (System.Convert.ToBoolean(HttpContext.Current.Session["BlockUser"]) ) { logPrivate Log = new logPrivate() { Username = HttpContext.Current.User.Identity.Name, IP = HttpContext.Current.Session["UserIP"] .ToString(), Enter = System.DateTime.Now, }; StoreEnt.logPrivates.AddObject(Log); StoreEnt.SaveChanges(); HttpContext.Current.Response.Redirect("~/UnAuthorizedAccess.aspx"); } else if( System.Convert.ToBoolean( HttpContext.Current.Session["IsBlocked"] )) { LogPublic newLog = new LogPublic() { IP = HttpContext.Current.Session["UserIP"].ToString(), Activity = HttpContext.Current.Session["Activity"].ToString(), Enter = Convert.ToDateTime(HttpContext.Current.Session["DateTime"]), }; StoreEnt.LogPublics.AddObject(newLog); StoreEnt.SaveChanges(); HttpContext.Current.Response.Redirect("~/UnAuthorizedAccess.aspx"); } } }but when i run my application website ,i dont have any record in LogPublic table or logPrivate table when i want visit a page in Admin Folder
please guide me
thanks