ASP.NET Account lockout notify

19. May 2011 21:05

 

Something that people normally overlook when building a system is logging, so here is a little snippet of code that detects when an account has become locked out, making it possible to notify either support staff or the end user that their account has been locked out.

 

The following works by taking a reading of the user account before and after the login event. We read the lockout status of the account on the page postback, then test it again during the login error. If the account was not locked before but is locked now, this attempt caused the lockout, and we can log it or send an email to the user.

 

 

using System;
using System.Web.Security;

public partial class Login : AppPage
{
    // Lockout state of the account as it was before this login attempt was processed.
    private bool AccountWasLocked = false;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack == true)
        {
            // Page_Load runs before the Login control's events, so this is the "before" reading.
            MembershipUser tmp = Membership.GetUser(Login2.UserName);
            if (tmp != null)
                AccountWasLocked = tmp.IsLockedOut;
        }
    }

    protected void Login2_LoginError(object sender, EventArgs e)
    {
        // The "after" reading: re-read the account once the failed attempt has been counted.
        MembershipUser tmp = Membership.GetUser(Login2.UserName);

        // Locked now but not before: this failed attempt is the one that locked the account.
        if (tmp != null && AccountWasLocked == false && tmp.IsLockedOut == true)
        {
            string Msg = string.Format("User '{0}' Has Locked Out their Account from IP Address '{1}'", tmp.UserName, Request.UserHostAddress);
            DBLog.Log(DBConn, tmp, "Login.LoginError.AccountLocked", Msg);
            //Notify Admin / End User
        }

        // Login2.UserName is whatever was typed into the form, so treat it as untrusted when storing it.
        DBLog.Log(DBConn, "Login.Failure", string.Format("Login failed for user '{0}' from {1}", Login2.UserName, Request.UserHostAddress));
    }

    protected void Login2_LoggedIn(object sender, EventArgs e)
    {
        DBLog.Log(DBConn, "Login", string.Format("User '{0}' has logged in from {1}", Login2.UserName, Request.UserHostAddress));
    }
}

 

 

The above code needs the namespace System.Web.Security to be able to access the Membership functions in ASP.NET.

 

The class DBLog that I am using has two static functions which you will also need to implement depending on how you wish to store your log information.

 

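public class DBLog
{
    // Log an event against a known membership user. Implement for your own log store.
    public static void Log(DBConn Conn, MembershipUser User, string LogType, string Message) { throw new NotImplementedException(); }
    // Log an event that has no membership user attached (e.g. an unknown user name).
    public static void Log(DBConn Conn, string LogType, string Message) { throw new NotImplementedException(); }
}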
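One way to fill in the two DBLog functions, added here as an example and not the author's code: it assumes SQL Server, takes an open SqlConnection in place of the post's DBConn type, and writes to a hypothetical dbo.AppLog table. The login-failure message contains whatever was typed into the user name box, so the insert is parameterized and control characters are replaced before storage.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Web.Security;

// Added example. Assumptions: an open SqlConnection stands in for the post's DBConn,
// and the table dbo.AppLog (LoggedAtUtc, UserKey, LogType, Message) is hypothetical.
public static class SqlDBLog
{
    private const int MaxMessageLength = 1024;

    // ProviderUserKey is the membership provider's own identifier for the user.
    public static void Log(SqlConnection conn, MembershipUser user, string logType, string message)
    {
        Write(conn, user != null ? user.ProviderUserKey : null, logType, message);
    }

    public static void Log(SqlConnection conn, string logType, string message) { Write(conn, null, logType, message); }

    private static void Write(SqlConnection conn, object userKey, string logType, string message)
    {
        const string sql =
            "INSERT INTO dbo.AppLog (LoggedAtUtc, UserKey, LogType, Message) " +
            "VALUES (@at, @key, @type, @msg)";
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Parameters keep the typed-in user name inside Message from being parsed as SQL.
            cmd.Parameters.Add("@at", SqlDbType.DateTime).Value = DateTime.UtcNow;
            cmd.Parameters.Add("@key", SqlDbType.NVarChar, 64).Value = userKey != null ? (object)userKey.ToString() : DBNull.Value;
            cmd.Parameters.Add("@type", SqlDbType.NVarChar, 64).Value = logType ?? string.Empty;
            cmd.Parameters.Add("@msg", SqlDbType.NVarChar, MaxMessageLength).Value = Clean(message);
            cmd.ExecuteNonQuery();
        }
    }

    // Replace control characters (CR/LF included) so one event stays one line in exports,
    // and cap the length so an oversized user name cannot bloat the log.
    private static string Clean(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value ?? string.Empty)
        {
            if (sb.Length == MaxMessageLength) break;
            sb.Append(char.IsControl(c) ? '?' : c);
        }
        return sb.ToString();
    }
}
```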

 

I will probably be making some posts in the near future about logging in ASP.NET.



ASP.NET / C# Logoff

12. May 2011 21:21

 

A quick explanation of how to do a user logoff in ASP.NET while using forms authentication.

It is actually very simple. All you need is to create a Logout.aspx page and add the following code. Then, to log off any user from anywhere in your application, simply link to the page /Logout.aspx.

 

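using System;
using System.Web.Security;

public partial class Logout : AppPage
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {
            // Session.Clear() empties the stored session values; the session and its ID stay in place.
            Session.Clear();
            // Remove the forms authentication ticket from the browser.
            FormsAuthentication.SignOut();
            // Reload this page; the next request arrives without the ticket, so this block is skipped.
            Response.Redirect("Logout.aspx");
        }
    }
}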

 



ASP.NET Http Modules Config

7. May 2011 16:02

I made a couple of different posts involving ASP.NET HTTP modules but never explained how to install them. The modules were to block web site access by IP address and also another to block postbacks based on files requested; both of these were to filter backlink spam and to cut it at source. The IP address blocking was not so successful, though it was effective. The blocking of postbacks seems to be having great success, and one week later I have only seen around 1-2 spam items make it through the filter.

 

Installing these modules is actually pretty simple. You need to create a new project in Visual Studio for a class DLL and add the correct references until it compiles, e.g. System, System.Web, System.Data, System.Core and of course any other references that are required. It is possible to create these external to any ASP.NET project and then add them to any ASP.NET application.




Blocking comment spam postbacks

30. April 2011 12:37

 

I was previously trying to prevent comment spam by blocking access by IP address. However, it does appear that this really isn't very suitable. The amount of comment spam did drop from around 500-600 items per day to around 40-60. So it just is not effective enough, and you also run the risk of blocking valid users from accessing the content on the site.

 

I have now come up with a new method which is much safer and does not require the overhead of using a database. I decided to look into the web server logs and noticed that the clients are bots and not really web browsers; they only request then post back a valid page in an attempt to get the comments to appear on the site. So this new approach uses this to a big advantage.




ASP.NET - Blocking By IP Address

14. April 2011 22:55

 

Recently I seem to be running into a little bit of a spamming problem with backlinks being submitted to the blog. It looks like the way .net blog engine does posts is really easy for the spammer to be able to post lots and lots of comments with bots (I guess the spammers are getting good at this now). This sounds quite bad, but everything is being caught by the spam filters so it's really not so bad. So this is a bit of a guide to attempt to protect a website from such action coming from abusive computers around the internet.
