I am developing a ASP.NET MVC aplication and I need to record the history of logins of a User. I need something similar to the last seen here in Stack Overflow (I will be keeping the history, I don't know if SO does this). I want to know what is the best way to do it?
any other, Pros and Cons of everyone?
Thanks
I would first create a database table to hold the login history. If you use the base project then I would go to the AccountController's LogOn action and place code to write a record to the history table after the FormsAuth.SignIn line.
if (!ValidateLogOn(userName, password))
{
return View();
}
FormsAuth.SignIn(userName, rememberMe);
//*** Write userName to history table *****
if (!String.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
Membership providers expose a ValidatingPassword event. I would wire my auditing to that rather than within the controller. To make this even easier, you could just have that fire off a WebEvent then use the <heartbeat> features available in your web.config to capture the information rather than having to write any code to handle this.
Also note that, if your goal is to just have some record of failures, the failed logins automatically get sent to the event log with the default configuration.
PS: Just re-read the question. Any way you want to carry it, Site.Master is the wrong place to do anything like this. What happens when you introcuce a second master page? Or, render unto the template what is the template's.
I end doing this:
I put in the global.asax in protected void Session_Start() and in the authorization routine.