如何在 ASP.Net MVC 5 中跟踪匿名用户的活动?
How to Track Anonymous Users' Activities in ASP.Net MVC 5?
我创建了一个 ASP.Net MVC 5 网络应用程序,其服务可供匿名用户使用。当匿名用户使用网络服务时,它会从数据库中做一些查询。然而,出于安全原因,我的客户想要跟踪 "suspicious" 匿名用户的活动。其中之一包括匿名用户每天查询的次数(以防止大量数据被 "stolen")。
有什么方法可以获取这些信息吗?
对于注册用户,我们可以在名为 QueryNo 的 ApplicationUser 中创建额外的 属性 并将其添加到 Claim 中,如下所示:
public class ApplicationUser : IdentityUser {
public uint QueryNo { get; set; } //how many times this user has queried
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager) {
// Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// Add custom user claims here
userIdentity.AddClaim(new Claim("QueryNo", QueryNo));
return userIdentity;
}
}
当我们想要跟踪它的 activity 时,我们可以简单地增加它的 QueryNo 每个查询 activity。当我们想要显示它时,我们可以,例如,简单地为 Identity 定义一个扩展名,如下所示:
public static class IdentityExtensions {
public static string GetQueryNo(this IIdentity identity) {
if (identity == null) {
throw new ArgumentNullException("identity");
}
var ci = identity as ClaimsIdentity;
if (ci != null) {
return ci.FindFirstValue("QueryNo");
}
return null;
}
}
然后像这样在视图中简单地使用它:
<p>No Of Query: @User.Identity.GetQueryNo()</p>
但是我们如何跟踪匿名用户的活动(即查询次数)?
首先创建您的操作过滤器:
public class TrackingActionFilter : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var sessionId = filterContext.HttpContext.Session.SessionID;
Debug.WriteLine("Printing session Id: " + sessionId);
var ip = filterContext.HttpContext.Request.UserHostAddress;
Debug.WriteLine("Printing ip: " + ip);
var headers = filterContext.RequestContext.HttpContext.Request.Headers;
foreach(var header in headers) {
Debug.WriteLine("Printing header: " + header);
}
var parms = filterContext.HttpContext.Request.Params;
foreach (var key in parms.AllKeys)
{
Debug.WriteLine("Printing parameter: " + key + " - " + parms[key]);
}
var routeDataKeys = filterContext.RouteData.Values.Keys;
foreach(var key in routeDataKeys)
{
Debug.WriteLine("Printing route data value: " + key + " - " + filterContext.RouteData.Values[key]);
}
//Stolen with love from
var stream = filterContext.HttpContext.Request.InputStream;
var data = new byte[stream.Length];
stream.Read(data, 0, data.Length);
Debug.WriteLine(Encoding.UTF8.GetString(data));
}
}
很明显,您会捕获相关细节,而不是将它们写入调试 window。
现在您可以在操作级别应用操作过滤器:
[TrackingActionFilter]
public ActionResult Index()
或在控制器级别:
[TrackingActionFilter]
public class HomeController : Controller
或者您可以通过 FilterConfig:
全局覆盖整个 MVC 应用程序
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new TrackingActionFilter());
}
}
我创建了一个 ASP.Net MVC 5 网络应用程序,其服务可供匿名用户使用。当匿名用户使用网络服务时,它会从数据库中做一些查询。然而,出于安全原因,我的客户想要跟踪 "suspicious" 匿名用户的活动。其中之一包括匿名用户每天查询的次数(以防止大量数据被 "stolen")。
有什么方法可以获取这些信息吗?
对于注册用户,我们可以在名为 QueryNo 的 ApplicationUser 中创建额外的 属性 并将其添加到 Claim 中,如下所示:
public class ApplicationUser : IdentityUser {
public uint QueryNo { get; set; } //how many times this user has queried
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager) {
// Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
// Add custom user claims here
userIdentity.AddClaim(new Claim("QueryNo", QueryNo));
return userIdentity;
}
}
当我们想要跟踪它的 activity 时,我们可以简单地增加它的 QueryNo 每个查询 activity。当我们想要显示它时,我们可以,例如,简单地为 Identity 定义一个扩展名,如下所示:
public static class IdentityExtensions {
public static string GetQueryNo(this IIdentity identity) {
if (identity == null) {
throw new ArgumentNullException("identity");
}
var ci = identity as ClaimsIdentity;
if (ci != null) {
return ci.FindFirstValue("QueryNo");
}
return null;
}
}
然后像这样在视图中简单地使用它:
<p>No Of Query: @User.Identity.GetQueryNo()</p>
但是我们如何跟踪匿名用户的活动(即查询次数)?
首先创建您的操作过滤器:
public class TrackingActionFilter : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var sessionId = filterContext.HttpContext.Session.SessionID;
Debug.WriteLine("Printing session Id: " + sessionId);
var ip = filterContext.HttpContext.Request.UserHostAddress;
Debug.WriteLine("Printing ip: " + ip);
var headers = filterContext.RequestContext.HttpContext.Request.Headers;
foreach(var header in headers) {
Debug.WriteLine("Printing header: " + header);
}
var parms = filterContext.HttpContext.Request.Params;
foreach (var key in parms.AllKeys)
{
Debug.WriteLine("Printing parameter: " + key + " - " + parms[key]);
}
var routeDataKeys = filterContext.RouteData.Values.Keys;
foreach(var key in routeDataKeys)
{
Debug.WriteLine("Printing route data value: " + key + " - " + filterContext.RouteData.Values[key]);
}
//Stolen with love from
var stream = filterContext.HttpContext.Request.InputStream;
var data = new byte[stream.Length];
stream.Read(data, 0, data.Length);
Debug.WriteLine(Encoding.UTF8.GetString(data));
}
}
很明显,您会捕获相关细节,而不是将它们写入调试 window。
现在您可以在操作级别应用操作过滤器:
[TrackingActionFilter]
public ActionResult Index()
或在控制器级别:
[TrackingActionFilter]
public class HomeController : Controller
或者您可以通过 FilterConfig:
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new TrackingActionFilter());
}
}