Capturing user information

[Greg Smith]

Hi, I have written several Windows based applications and I have always had
an "application log" which captures username, machinename etc. As I now
turn to web based applications I would like to capture any similar
information, either server side programming or client side, and log it.

My question is, what can you capture and how do you best capture it?


Any help is greatly appreciated.

 

[Kevin Spencer]

IIS should be able to log all of that information for you. Just turn on
logging for that web site. Otherwise, if you want a more custom solution,
check the Request.ServerVariables Collection, which will return all of the
information you requested and more. See:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/iis/ref_vbom_reqocsv.asp

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Mark]

In addition to Kevin's suggestions, you could setup a table or two in your
database to store this data for ease of reporting. For example, create a
stored procedure that will insert information like:

1. current user
2. time stamp
3. current page
4. report displayed
5. criteria used for the report
6. some special feature (button) used
7. Whatever else you can dream up

etc ...

Then create wrap this code in a single method or class to be reused whenver
you need it in your app.

HTH.

Mark

 

[Steven Cheng[MSFT]]

Hi Greg,


Thanks for posting in the community!
From your description, from your description, you'd like to get some
certain infos of the client user in the ASP.NET web application,yes?
If there is anything I misunderstood, please feel free to let me know.

As for this question, I think Kevin's suggestion that use the IIS's
ServerVariables Collection is a good approach since IIS server variables
provide information about a client, the request, and the application.
Server variables obtain most of their information from headers. It is wise
to not trust information in headers when security decisions must be made,
as this information can be falsified by malicious users. Here is the
weblink to its detailed description in MSDN:

#IIS Server Variables
http://msdn.microsoft.com/library/en-us/iissdk/iis/servervariables.asp?frame
=true

And since the example Kevin provided is classic ASP(vbscript) based, but
the "ServerVariables" collections is also avaliable in ASP.NET, for example:
private void Page_Load(object sender, System.EventArgs e)
{
foreach( string key in Request.ServerVariables.Keys )
{
Response.Write("<br>" + key + "::::::: " +
Request.ServerVariables[key].ToString());
Response.Write("<br>------------------------");
}
Response.Write("<br>------------------------");
Response.Write("<br>HttpContext.Current.User.Identity.Name: " +
HttpContext.Current.User.Identity.Name);
Response.Write("<br>Request.UserHostAddress: "+ Request.UserHostAddress );
Response.Write("<br>Request.UserHostName: "+ Request.UserHostName );
}

Also, there are some other approachs to get clientside info via clientside
script, here is some web links to some site or tech articles discussing on
this:
#Client-side Info
http://www.aspsimply.com/info/infoclient.asp

Hope they're helpful to you.



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Steven Cheng[MSFT]]

Hi Greg,


Have you had a chance to check out the preceding suggestions or have you
got any ideas on this issue? If you need any further help, please feel free
to post here.



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)