Storing User Login Information

1/7/2025 MVC Core
54

Storing user login information during the login process is a critical step to enhance security and monitor access on websites. Below, we explore how to implement this feature in projects based on ASP.NET Core MVC.

Defining a Model for Storing User Login Information

First, create a model to store information about user logins. This model can include the following fields:

 

public class UserLoginLog
{
    public int Id { get; set; }
    public string? UserId { get; set; } // Null for external or unauthorized users
    public string? UserName { get; set; }
    public DateTime LoginTime { get; set; }
    public string? IpAddress { get; set; }
    public string? UserAgent { get; set; }
    public bool IsSuccessful { get; set; } // Indicates whether the login attempt was successful
    public string? FailureReason { get; set; } // Reason for failed logins
}

Storing Information During User Login

In the OnPostAsync method of the login page, after user authentication, store the login details

public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
    returnUrl ??= Url.Content("~/");
    ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();

    if (ModelState.IsValid)
    {
        var ipAddress = HttpContext.Connection.RemoteIpAddress?.ToString();
        var userAgent = Request.Headers["User-Agent"].ToString();
        var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);

        if (result.Succeeded)
        {
            var user = await _signInManager.UserManager.FindByEmailAsync(Input.Email);
            if (user != null)
            {
                _context.UserLoginLogs.Add(new UserLoginLog
                {
                    UserId = user.Id,
                    UserName = user.UserName,
                    LoginTime = DateTime.UtcNow,
                    IpAddress = ipAddress,
                    UserAgent = userAgent,
                    IsSuccessful = true
                });
                await _context.SaveChangesAsync();
            }
            _logger.LogInformation("User logged in.");
            return LocalRedirect(returnUrl);
        }
        else
        {
            _context.UserLoginLogs.Add(new UserLoginLog
            {
                UserId = null, // External user
                UserName = Input.Email, // Use attempted email
                LoginTime = DateTime.UtcNow,
                IpAddress = ipAddress,
                UserAgent = userAgent,
                IsSuccessful = false,
                FailureReason = result.IsLockedOut ? "Account locked" :
                               result.RequiresTwoFactor ? "Requires two-factor authentication" :
                               "Invalid credentials"
            });
            await _context.SaveChangesAsync();
        }
    }

    // Display the login form again in case of errors
    return Page();
}

Creating a Table in the Database

To store this information, a corresponding table must be created in the database. Using Entity Framework, run the Add-Migration and Update-Database commands to add this table to the database.

 

Key Security Tips

  • Encrypt Sensitive Data: Ensure sensitive data, such as passwords, is not stored in plain text and is properly encrypted.
  • Restrict Data Access: Limit access to login information to system administrators to prevent misuse.
  • Monitor Failed Login Attempts: By tracking failed login attempts, you can identify potential attacks and take preventive measures.

 

Additional Resources

For further reading on user information storage and web security, you can refer to the following resources: