Login users at the same time problems in signalr - signalr

I'm working on a social network with ASP.NET and signalr. I have a simple login page, if it finds the user in the database it creates an Application variable and redirect the user to the profile page and in this page i invoke my Connect method declared in my hub class, this method takes the userid in the session and it give the friend list of this user. That works great when two or many users logged in at different time. The thing is, when two or several users logged in at the same time, the connect method declared in my hub takes the last user id stored in the Application variable and it give the friend list of this last user id and it send it to all user connected.
I can't find the correct approach.
Loggin Page code:
protected void btn_login_Click(object sender, EventArgs e)
{
Tbl_User user = new Tbl_User();
user = FonctionCommun.Login(txt_UserName.Text , txt_PassWord.Text);
if (user != null)
{
Application["UserID"] = user.UserID.ToString();
Response.Redirect("Profile.aspx");
}
else {
Label1.Visible = true;
}
}
My connect method code:
public void connect()
{
UserID = Guid.Parse(HttpContext.Current.Application["UserID"].ToString());
string OutPut = "";
if (ListOnlineUser.Count(x => x.UserID == UserID) == 0)
{
ListOnlineUser.Add(new OnlineUsers { UserID = UserID, ConnetionID = Guid.Parse(Context.ConnectionId) });
objchat.SetOnline(UserID);
ListFriends = objchat.GetFriendLoginStatus(UserID);
}
foreach (Tbl_User item in ListFriends)
{
if (item.Status == "1")
{
OnlineUsers onlineFriend = ListOnlineUser.FirstOrDefault(x => x.UserID == Guid.Parse(item.UserID.ToString()));
if (onlineFriend != null)
{
using (FIESTA_ADVISOREntities BD = new FIESTA_ADVISOREntities())
{
Tbl_User Obj_User = BD.Tbl_User.Where(o => o.UserID == UserID).FirstOrDefault();
if (Obj_User.ProfileImage != null)
{
string ext = BD.Assets.Where(o => o.url == Obj_User.ProfileImage).Select(o => o.MimeType).FirstOrDefault();
UserDetaille res = new UserDetaille() { UserID = Guid.Parse(Obj_User.UserID.ToString()), Username = Obj_User.UserName, ProfileImage = Obj_User.ProfileImage.ToString(), Ext = ext };
OutPut = JsonConvert.SerializeObject(res);
}
else {
UserDetaille res = new UserDetaille() { UserID = Guid.Parse(Obj_User.UserID.ToString()), Username = Obj_User.UserName, ProfileImage = "111", Ext = "png" };
OutPut = JsonConvert.SerializeObject(res); }
Clients.Client(onlineFriend.ConnetionID.ToString()).OnNewUserConnect(OutPut);
}
}
}
}
Clients.Caller.ShowFriends(ListFriends);
}

Try session variable instead of application variable. Application variable shared through out application working. So Whenever new user this is override. But if you use session variable that will never override by any other user

Also you can use query string in signalr in which you can pass userid as query string so in each request userid will be in query string
$.connection.hub.qs = 'userid=' + "UserId";

Related

vulnerability from security team in forget password controller in asp .net

I have a controller form application and the security team they said there is a vulnerability you can put any user_id fom postman inside the controller like this
ForgotPassword/user_id
how I can remove this vulnerability check the code below:
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult ForgotPassword(string emailId)
{
var helper = new Helper.Helper();
List<SqlParameter> args = new List<SqlParameter>();
args.Add(new SqlParameter("#Pin_email_id", emailId));
var req_resp = new Dictionary<string, object>();
try
{
using (DataSet dataset = helper.ExecuteSqlQuery("Web_Forgot_Password", args))
{
if (dataset != null && dataset.Tables.Count > 0 && dataset.Tables[0].Rows.Count > 0)
{
if (dataset.Tables[0].Rows[0]["Status"].ToString() == "Success")
{
req_resp["status"] = true;
req_resp["message"] = dataset.Tables[0].Rows[0]["Description"].ToString();
req_resp["code"] = dataset.Tables[0].Rows[0]["Code"].ToString();
string password = dataset.Tables[0].Rows[0]["user_password"].ToString();
SendForgotMail(emailId, dataset.Tables[0].Rows[0]["user_name"].ToString(), helper.Decrypt(password), dataset.Tables[0].Rows[0]["employee"].ToString());
return Json(req_resp);
}
else
{
req_resp["status"] = false;
req_resp["message"] = dataset.Tables[0].Rows[0]["Description"].ToString();
req_resp["code"] = dataset.Tables[0].Rows[0]["Code"].ToString();
return Json(req_resp);
}
}
else
{
req_resp["status"] = false;
req_resp["message"] = "Request Failed";
req_resp["code"] = "1005";
return Json(req_resp);
}
}
}
catch
{
var response = new
{
status = false,
message = "Request failed",
code = "1005"
};
return Json(response);
}
}
Well normally you store only password hashes in your database, which are not decryptable. Watching helper.Decrypt(password) in your code and sending the original password as a plain text in email is something painful. Normally I would just send a password reset link which can be used only once.
I checked the SqlParemater docs, it is added as a String value the way you use it, so it is not SQL injectable. Without the exact SQL I cannot tell much. I think they meant that it is SQL injectable, but then they should send evidence at least.

How to keep user logged in when using FB plugin to sign in?

I am trying to find out how to keep user logged in. I am using Facebook Plugin and storing the user data in CosmosDB, however i am not sure what data do i need to keep the user logged in or when to actually ask his permission as i am redirected straight to Facebook login.
This is the code that i am using to sign in
async Task LoginFacebookAsync(User user)
{
try
{
if (_facebookService.IsLoggedIn)
{
_facebookService.Logout();
}
EventHandler<FBEventArgs<string>> userDataDelegate = null;
userDataDelegate = async (object sender, FBEventArgs<string> e) =>
{
if (e == null) return;
switch (e.Status)
{
case FacebookActionStatus.Completed:
var facebookProfile = await Task.Run(() => JsonConvert.DeserializeObject<FacebookProfile>(e.Data));
var socialLoginData = new User
{
UserEmail = facebookProfile.Email,
UserName = $"{facebookProfile.FirstName} {facebookProfile.LastName}",
Id = facebookProfile.UserId,
};
user.UserEmail = socialLoginData.UserEmail;
user.UserName = socialLoginData.UserName;
user.Id = socialLoginData.Id;
user = await UserViewModel.GetOrCreateUser(user);
UserViewModel.SetUser(user);
await App.Current.SavePropertiesAsync();
App.Current.MainPage = new AppShell();
break;
case FacebookActionStatus.Canceled:
break;
}
_facebookService.OnUserData -= userDataDelegate;
};
_facebookService.OnUserData += userDataDelegate;
string[] fbRequestFields = { "email", "first_name", "gender", "last_name" };
string[] fbPermisions = { "email" };
await _facebookService.RequestUserDataAsync(fbRequestFields, fbPermisions);
}
catch (Exception ex)
{
Debug.WriteLine(ex.ToString());
}
}
Please if you could help how to approach this.
You may use local db like Sqlite or Settings Plugin to save the authentication token, expire date etc. So when the app run you can check them and let the user automatically login or not.

Azure AD SSO in ASP.NET - How to update token silently?

I have a quite simple ASP.NET project that has the Azure AD Authentication installed.
It uses the CookieAuthentication by default and uses the Azure AD SSO to login.
So what I can't understand is that if I login and left the page opened for 1 hour - which is the Azure AD access token expiration time, it just stops working.
To avoid this, I tried to update the access token silently before it is expired but failed.
Not even sure why the app stops working as it's using Cookie for authorization and it uses the Azure AD login only for Authentication.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = (context) =>
{
var threshold = DateTime.UtcNow.AddMinutes(55);
if (context.Properties.ExpiresUtc < threshold)
{
var authManager = context.OwinContext.Authentication;
string signedInUserID = context.Identity.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
if (authContext == null)
authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
ClientCredential credential = new ClientCredential(clientId, appKey);
try
{
var result = authContext.AcquireTokenSilentAsync(graphResourceId, clientId).Result;
}
catch (AggregateException ex)
{
if (ex.InnerException.GetType() == typeof(AdalSilentTokenAcquisitionException))
{
var result = authContext.AcquireTokenAsync(graphResourceId, credential).Result;
}
}
}
return Task.FromResult(0);
}
}
});
This is the ADALTokenCache.
public class ADALTokenCache : TokenCache
{
private ApplicationDbContext db = new ApplicationDbContext();
private string userId;
private UserTokenCache Cache;
public ADALTokenCache(string signedInUserId)
{
// Associate the cache to the current user of the web app
userId = signedInUserId;
this.AfterAccess = AfterAccessNotification;
this.BeforeAccess = BeforeAccessNotification;
this.BeforeWrite = BeforeWriteNotification;
// Look up the entry in the database
Cache = db.UserTokenCacheList.FirstOrDefault(c => c.webUserUniqueId == userId);
// Place the entry in memory
this.Deserialize((Cache == null) ? null : MachineKey.Unprotect(Cache.cacheBits,"ADALCache"));
}
// Clean up the database
public override void Clear()
{
base.Clear();
var cacheEntry = db.UserTokenCacheList.FirstOrDefault(c => c.webUserUniqueId == userId);
db.UserTokenCacheList.Remove(cacheEntry);
db.SaveChanges();
}
// Notification raised before ADAL accesses the cache.
// This is your chance to update the in-memory copy from the DB, if the in-memory version is stale
void BeforeAccessNotification(TokenCacheNotificationArgs args)
{
if (Cache == null)
{
// First time access
Cache = db.UserTokenCacheList.FirstOrDefault(c => c.webUserUniqueId == userId);
}
else
{
// Retrieve last write from the DB
var status = from e in db.UserTokenCacheList
where (e.webUserUniqueId == userId)
select new
{
LastWrite = e.LastWrite
};
// If the in-memory copy is older than the persistent copy
if (status.First().LastWrite > Cache.LastWrite)
{
// Read from from storage, update in-memory copy
Cache = db.UserTokenCacheList.FirstOrDefault(c => c.webUserUniqueId == userId);
}
}
this.Deserialize((Cache == null) ? null : MachineKey.Unprotect(Cache.cacheBits, "ADALCache"));
}
// Notification raised after ADAL accessed the cache.
// If the HasStateChanged flag is set, ADAL changed the content of the cache
void AfterAccessNotification(TokenCacheNotificationArgs args)
{
// If state changed
if (this.HasStateChanged)
{
Cache = new UserTokenCache
{
webUserUniqueId = userId,
cacheBits = MachineKey.Protect(this.Serialize(), "ADALCache"),
LastWrite = DateTime.Now
};
// Update the DB and the lastwrite
db.Entry(Cache).State = Cache.UserTokenCacheId == 0 ? EntityState.Added : EntityState.Modified;
db.SaveChanges();
this.HasStateChanged = false;
}
}
void BeforeWriteNotification(TokenCacheNotificationArgs args)
{
// If you want to ensure that no concurrent write take place, use this notification to place a lock on the entry
var t = args;
}
public override void DeleteItem(TokenCacheItem item)
{
base.DeleteItem(item);
}
}
This is what I tried, but not working.
Would appreciate any help.
Thanks in advance.

MVC custom login authentication

Hi I'm developing an app in MVC and I have a problem with login, I want to know how can I manage the login depending on the user role.
While the moment the login works fine but I need to identify the role user for sending to different pages
I have a table in my database call Employee and one column is call IdPosition that is referred to another table call Position.
Here is my code
[HttpPost]
public ActionResult Autorizacion(Pepitos.Models.Employee employee)
{
using (pepitosEntities db = new pepitosEntities())
{
var userDetails = db.Employees.Where(x => x.Username == employee.Username && x.Password == employee.Password).FirstOrDefault();
if (userDetails == null)
{
employee.ErrorLoginMensaje = "Username or Password incorrect";
return View("Login",employee);
}
else
{
Session["IdEmployee"] = userDetails .IdEmployee;
Session["name"] = userDetails.Name;
return RedirectToAction("EmployeesIndex", "EmployeesHome");
}
}
}
Now what you need to do is check the role after the username and password matches and then redirect accordingly.for that i assumed you have role column in your database table along with username and password.
using (pepitosEntities db = new pepitosEntities())
{
var userDetails = db.Employees.Where(x => x.Username == employee.Username && x.Password == employee.Password).FirstOrDefault();
if (userDetails == null)
{
employee.ErrorLoginMensaje = "Username or Password incorrect";
return View("Login",employee);
}
else
{
var userRole=userDetails.role; //get the role of the user i.e whether user is admin or any other role
if(userRole=="Admin")
{
Session["IdEmployee"] = userDetails .IdEmployee;
Session["name"] = userDetails.Name;
return RedirectToAction("EmployeesIndex","EmployeesHome");
}
else if(userRole=="User")
{
Session["IdUser"] = userDetails .IdUser;
Session["name"] = userDetails.Name;
return RedirectToAction("UserIndex","UserHome");
}
//and so on
}
}
hope it helps!

get a list of online users in asp.net mvc

I have a page in my application which always shows updated list of online users.
Now, to keep the list-which is stored in application object- updated, i do the below steps
add user to list when login
remove user on log off
Then to handle browser close/navigate away situations, I have a timestamp along with the username in the collection
An ajax call every 90 seconds updates the timestamp.
The problem:
I need something to clean this list every 120 seconds to remove entries with old timestamps.
How do I do this within my web application? ie Call a function every 2 mins.
PS: I thought of calling a webservice every 2 mins using a scheduler , but the hosting environment do not allow any scheduling.
Do the following inside a global filter.
public class TrackLoginsFilter : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
Dictionary<string, DateTime> loggedInUsers = SecurityHelper.GetLoggedInUsers();
if (HttpContext.Current.User.Identity.IsAuthenticated )
{
if (loggedInUsers.ContainsKey(HttpContext.Current.User.Identity.Name))
{
loggedInUsers[HttpContext.Current.User.Identity.Name] = System.DateTime.Now;
}
else
{
loggedInUsers.Add(HttpContext.Current.User.Identity.Name, System.DateTime.Now);
}
}
// remove users where time exceeds session timeout
var keys = loggedInUsers.Where(u => DateTime.Now.Subtract(u.Value).Minutes >
HttpContext.Current.Session.Timeout).Select(u => u.Key);
foreach (var key in keys)
{
loggedInUsers.Remove(key);
}
}
}
To retrieve the user list
public static class SecurityHelper
{
public static Dictionary<string, DateTime> GetLoggedInUsers()
{
Dictionary<string, DateTime> loggedInUsers = new Dictionary<string, DateTime>();
if (HttpContext.Current != null)
{
loggedInUsers = (Dictionary<string, DateTime>)HttpContext.Current.Application["loggedinusers"];
if (loggedInUsers == null)
{
loggedInUsers = new Dictionary<string, DateTime>();
HttpContext.Current.Application["loggedinusers"] = loggedInUsers;
}
}
return loggedInUsers;
}
}
Don't forget to Register you filter in global.asax. It's probably a good idea to have an app setting to switch this off.
GlobalFilters.Filters.Add(new TrackLoginsFilter());
Also remove users at logoff to be more accurate.
SecurityHelper.GetLoggedInUsers().Remove(WebSecurity.CurrentUserName);
In your Account Controller
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (HttpRuntime.Cache["LoggedInUsers"] != null) //if the list exists, add this user to it
{
//get the list of logged in users from the cache
List<string> loggedInUsers = (List<string>)HttpRuntime.Cache["LoggedInUsers"];
//add this user to the list
loggedInUsers.Add(model.UserName);
//add the list back into the cache
HttpRuntime.Cache["LoggedInUsers"] = loggedInUsers;
}
else //the list does not exist so create it
{
//create a new list
List<string> loggedInUsers = new List<string>();
//add this user to the list
loggedInUsers.Add(model.UserName);
//add the list into the cache
HttpRuntime.Cache["LoggedInUsers"] = loggedInUsers;
}
if (!String.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
public ActionResult LogOff()
{
string username = User.Identity.Name; //get the users username who is logged in
if (HttpRuntime.Cache["LoggedInUsers"] != null)//check if the list has been created
{
//the list is not null so we retrieve it from the cache
List<string> loggedInUsers = (List<string>)HttpRuntime.Cache["LoggedInUsers"];
if (loggedInUsers.Contains(username))//if the user is in the list
{
//then remove them
loggedInUsers.Remove(username);
}
// else do nothing
}
//else do nothing
FormsAuthentication.SignOut();
return RedirectToAction("Index", "Home");
}
in your partial view.
#if (HttpRuntime.Cache["LoggedInUsers"] != null)
{
List<string> LoggedOnUsers = (List<string>)HttpRuntime.Cache["LoggedInUsers"];
if (LoggedOnUsers.Count > 0)
{
<div class="ChatBox">
<ul>
#foreach (string user in LoggedOnUsers)
{
<li>
<div class="r_row">
<div class="r_name">#Html.Encode(user)</div>
</div>
</li>
}
</ul>
</div>
}
}
render this partial view when user log in.
use this script call ever 90 second
<script type="text/javascript">
$(function () {
setInterval(loginDisplay, 90000);
});
function loginDisplay() {
$.post("/Account/getLoginUser", null, function (data) {
});
}
</script>
Here is the white elephant solution.
Instead of maintaining this list in application object, maintain this list in database. Then you can use database jobs to work on this list periodically. Establish SQL notification on this object so that everytime this list is purged you get refreshed data in your application.
Use Ajax to send "I am still online" message to the server in every 30 seconds. This is the best way to find who is really online.
So here what I did:
Create a table in the database
CREATE TABLE [dbo].[OnlineUser]
(
[ID] [int] IDENTITY(1,1) NOT NULL,
[Guid] [uniqueidentifier] NOT NULL,
[Email] [nvarchar](500) NOT NULL,
[Created] [datetime] NOT NULL,
CONSTRAINT [PK_OnlineUser] PRIMARY KEY CLUSTERED
(
[ID] ASC
) WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
Override the OnActionExecution method. This method is in a separate controller in my case is called AuthController then every other controller that required authemtication inherits from this controller.
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
// session variable that is set when the user authenticates in the Login method
var accessSession = Session[Constants.USER_SESSION];
// load cookie is set when the user authenticates in the Login method
HttpCookie accessCookie = System.Web.HttpContext.Current.Request.Cookies[Constants.USER_COOKIE];
// create session from cookie
if (accessSession == null)
{
if (accessCookie != null)
{
if (!string.IsNullOrEmpty(accessCookie.Value))
accessSession = CreateSessionFromCookie(accessCookie);
}
}
// if session does not exist send user to login page
if (accessSession == null)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{"controller", "Account"},
{"action", "Login"}
}
);
return;
}
else
{
TrackLoggedInUser(accessSession.ToString());
}
}
private List<OnlineUser> TrackLoggedInUser(string email)
{
return GetOnlineUsers.Save(email);
}
Next I created the following classes in the Data Repository class: GetOnlineUsers
public static class GetOnlineUsers
{
public static List<OnlineUser> GetAll()
{
using (var db = new CEntities())
{
return db.OnlineUsers.ToList();
}
}
public static OnlineUser Get(string email)
{
using (var db = new CEntities())
{
return db.OnlineUsers.Where(x => x.Email == email).FirstOrDefault();
}
}
public static List<OnlineUser> Save(string email)
{
using (var db = new CEntities())
{
var doesUserExist = db.OnlineUsers.Where(x => x.Email.ToLower() == email.ToLower()).FirstOrDefault();
if (doesUserExist != null)
{
doesUserExist.Created = DateTime.Now;
db.SaveChanges();
}
else
{
OnlineUser newUser = new OnlineUser();
newUser.Guid = Guid.NewGuid();
newUser.Email = email;
newUser.Created = DateTime.Now;
db.OnlineUsers.Add(newUser);
db.SaveChanges();
}
return GetAll();
}
}
public static void Delete(OnlineUser onlineUser)
{
using (var db = new CEntities())
{
var doesUserExist = db.OnlineUsers.Where(x => x.Email.ToLower() == onlineUser.Email.ToLower()).FirstOrDefault();
if (doesUserExist != null)
{
db.OnlineUsers.Remove(doesUserExist);
db.SaveChanges();
}
}
}
}
In the Global.asax
protected void Application_EndRequest()
{
// load all active users
var loggedInUsers = GetOnlineUsers.GetAll();
// read cookie
if (Context.Request.Cookies[Constants.USER_SESSION] != null)
{
// the cookie has the email
string email = Context.Request.Cookies[Constants.USER_SESSION].ToString();
// send the user's email to the save method in the repository
// notice in the save methos it also updates the time if the user already exist
loggedInUsers = GetOnlineUsers.Save(email);
}
// lets see we want to clear the list for inactive users
if (loggedInUsers != null)
{
foreach (var user in loggedInUsers)
{
// I am giving the user 10 minutes to interact with the site.
// if the user interaction date and time is greater than 10 minutes, removing the user from the list of active user
if (user.Created < DateTime.Now.AddMinutes(-10))
{
GetOnlineUsers.Delete(user);
}
}
}
}
In one of the controllers (You can create a new one up to you) that inhering from the AuthController, create the following method:
public JsonResult GetLastLoggedInUserDate()
{
string email = Session[Constants.USER_SESSION].ToString();
var user = GetOnlineUsers.Get(email);
return Json(new { year = user.Created.Year,
month = user.Created.Month,
day = user.Created.Day,
hours = user.Created.Hour,
minutes = user.Created.Minute,
seconds = user.Created.Second,
milliseconds = user.Created.Millisecond
}, JsonRequestBehavior.AllowGet);
}
In your _Layout.cshtml file at the very bottom place this Javascript code: This Javascript code will call the GetLastLoggedInUserDate() above to get the last interacted date from the database.
<script>
var lastInteracted, DifferenceInMinutes;
$(window).on('load', function (event) {
$.get("get-last-interaction-date", function (data, status) {
lastInteracted = new Date(data.year.toString() + "/" + data.month.toString() + "/" + data.day.toString() + " " + data.hours.toString() + ":" + data.minutes.toString() + ":" + data.seconds.toString());
});
});
$(window).on('mousemove', function (event) {
var now = new Date();
DifferenceInMinutes = (now.getTime() - lastInteracted.getTime()) / 60000;
if (DifferenceInMinutes > 5) {
$.get("get-last-interaction-date", function (data, status) {
lastInteracted = new Date(data.year.toString() + "/" + data.month.toString() + "/" + data.day.toString() + " " + data.hours.toString() + ":" + data.minutes.toString() + ":" + data.seconds.toString());
});
}
});
</script>
JavaScript explanation:
On page load I am are setting the last datetime the the user interacted with my website.
Since I cannot track what the user stares at on the screen, the next closest thing to real interaction is mouse movement.
So when the user moves the mouse anywhere on the page the following happens:
I compare the last interacted date with the current date.
Then I check if 5 minutes passed since the last updated date occurred.
Since the user happened to love the website and decided to spend more time on it, after the 5 minutes are passed, I send another request to the this method in my controller GetLastLoggedInUserDate() to get the date again. But before we get the date we will execute the OnActionExecuting method which will then update the records Created date and will return the current time. The lastInteracted gets the updated date and we go again.
The idea here is that when the user is not interacting with my website he is not really online for me. Maybe he has 100 tabs open and playing games doing other things but interacting with my website it is possible that they will not even realize they have it open in days or months depends on how often they reboot the PC. In any case I think that 10 minutes is a good threshold to work with but feel free to change it.
Finally AdminController class:
public ActionResult Index()
{
DashboardViewModel model = new DashboardViewModel();
// loading the list of online users to the dashboard
model.LoggedInUsers = GetOnlineUsers.GetAll();
return View("Index", "~/Views/Shared/_adminLayout.cshtml", model);
}
Index.cshtml (admin dashboard page)
#model ILOJC.Models.Admin.DashboardViewModel
#{
ViewBag.Menu1 = "Dashboard";
}
/// some html element and styles
<h5 class="">#Model.LoggedInUsers.Count() Online Users</h5>
<div class="row">
#foreach (var user in Model.LoggedInUsers.OrderByDescending(x => x.Created))
{
<div class="col-md-12">
<h5>#user.Email</h5>
<p><span>Last Inreaction Time: #user.Created.ToString("MM/dd/yyyy hh:mm:ss tt")</span></p>
</div>
}
</div>
Since the original table will only store online users I wanted to have a bit of history/log so I create a history table in the database:
CREATE TABLE [dbo].[OnlineUserHistory](
[ID] [int] IDENTITY(1,1) NOT NULL,
[OnlineUserID] [int] NOT NULL,
[Guid] [uniqueidentifier] NOT NULL,
[Email] [nvarchar](500) NOT NULL,
[Created] [datetime] NOT NULL,
[Updated] [datetime] NOT NULL,
[Operation] [char](3) NOT NULL,
CONSTRAINT [PK_OnlineUserLog] PRIMARY KEY CLUSTERED
(
[ID] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
Lastly, I created a database Trigger on insert and delete
CREATE TRIGGER [dbo].[trg_online_user_history]
ON [dbo].[OnlineUser]
AFTER INSERT, DELETE
AS
BEGIN
SET NOCOUNT ON;
INSERT INTO OnlineUserHistory(
OnlineUserID,
[Guid],
Email,
Created,
Updated,
Operation
)
SELECT
i.ID,
i.[Guid],
i.Email,
i.Created,
GETDATE(),
'INS'
FROM
inserted i
UNION ALL
SELECT
d.ID,
d.[Guid],
d.Email,
d.Created,
GETDATE(),
'DEL'
FROM
deleted d;
END
Hope this can hep someone. One thing I would improve tho is the way the online users are displaying load in the dashboard. Now, I need to refresh the page to see the updated number. But if you want to see it live, you just add the SignalR library then create a hub and you good to go!

Resources