It only takes a few lines of code to get Facebook-style "Was this you?" notifications set up for your ASP.NET MVC apps. In this post we will also cover what to do when a user confirms that the suspicious behaviour was not them.
Install ThisData from Nuget
First off, fire up your MVC project and install the latest ThisData NuGet package from the Package Manager console.
> Install-Package ThisData.Net
It should look something like this
Setup the client
We're going to track various events that occur around the login page, so you will want to add a reference to ThisData in your AccountController.
Now instantiate a ThisData.Client in the AccountController constructor so that you can use it throughout the controller. This is also where you will enter your ThisData API key.
If you don't have an API key you can sign up for a free account here.
Track login attempts
We want to track both successful and failed login attempts, so we need to add the following to the relevant parts of the Login method in the AccountController.
If a login is successful we don't actually get a UserId back using the typical User.Identity.GetUserId() method, as the browser has not had a chance to plant a cookie yet.
So to grab the UserId during login we need to fetch the user using
You'll also notice that we're catching the failed logins by using the log-in-denied verb. In this case we don't know the user, so we can omit that part and the event will show up as coming from an anonymous user in your ThisData audit log.
How are notifications sent to my users?
Log-in events are special in ThisData as they have the ability to trigger an email or SMS notification if suspicious user behaviour is detected. These are disabled by default but can be enabled in the API Settings area of your ThisData account.
Every time you track an event we assign a risk score to it in real time. If the event type was log-in, notifications are enabled and the score is sufficiently risky, then a "Was this you?" notification is sent out to the user. We will also send notifications to your Slack account or custom webhook endpoint if you have enabled these.
If the user responds to the notification indicating that it was not them, you will get a webhook or Slack notification that you can use to kill the session or lock the account of that user.
You can use webhooks to automate workflows in your app. The first thing you will need to do is create an endpoint for catching them. You will then set that endpoint up and specify a shared secret in the API Settings area of your ThisData account.
In this case I've created a WebhooksController with a method called ThisDataHook that accepts a POST request.
The webhook payload will contain details of the original event that triggered an alert and also a WasUser property. You can use this to determine the type of notification and decide on an action to take.
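One way to handle that webhook, as an added example that is neither ThisData's code nor the post's: it checks a signature over the raw body with the shared secret before acting on anything, then locks the account and invalidates existing sessions when WasUser is false. The header name, the HMAC algorithm and encoding, the JSON field names and the web.config key are assumptions to confirm against ThisData's webhook documentation; ApplicationUserManager is the default MVC 5 Identity template's user manager.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Newtonsoft.Json;

public class WebhooksController : Controller
{
    // Assumption: the shared secret from ThisData API Settings, kept in web.config appSettings.
    private static readonly string SharedSecret = System.Configuration.ConfigurationManager.AppSettings["ThisData:WebhookSecret"];
    // Assumption: JSON field names for the parts of the payload used here.
    private class Payload { [JsonProperty("was_user")] public bool? WasUser; [JsonProperty("user")] public PayloadUser User; }
    private class PayloadUser { [JsonProperty("id")] public string Id; }

    [HttpPost]
    public ActionResult ThisDataHook()
    {
        Request.InputStream.Position = 0;
        string body = new StreamReader(Request.InputStream, Encoding.UTF8).ReadToEnd();
        // Assumption: raw body signed with HMAC-SHA512 keyed by the shared secret, sent hex-encoded in this header.
        if (!IsValidSignature(body, Request.Headers["X-Signature"])) return new HttpStatusCodeResult(401);

        var payload = JsonConvert.DeserializeObject<Payload>(body);
        if (payload.WasUser == false && payload.User != null && !string.IsNullOrEmpty(payload.User.Id))
        {
            // "It wasn't me": lock the account and rotate the security stamp so live cookies stop working.
            var users = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
            users.SetLockoutEnabled(payload.User.Id, true);
            users.SetLockoutEndDate(payload.User.Id, DateTimeOffset.UtcNow.AddHours(24));
            users.UpdateSecurityStamp(payload.User.Id);
        }
        return new HttpStatusCodeResult(200);
    }

    private static bool IsValidSignature(string body, string header)
    {
        if (string.IsNullOrEmpty(header) || string.IsNullOrEmpty(SharedSecret)) return false;
        byte[] mac;
        using (var hmac = new HMACSHA512(Encoding.UTF8.GetBytes(SharedSecret)))
            mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
        string expected = BitConverter.ToString(mac).Replace("-", "").ToLowerInvariant();
        string given = header.Trim().ToLowerInvariant();
        if (expected.Length != given.Length) return false;
        int diff = 0; // constant-time compare: no early exit on the first mismatching character
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ given[i];
        return diff == 0;
    }
}
```

Rejecting unsigned or mis-signed requests first matters because the endpoint is unauthenticated: without the check anyone who finds the URL could lock out arbitrary users by posting a forged payload.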
Track other types of events
You can track a wide range of events from your app which is useful if you want to audit key actions for compliance or just general interest.
e.g. Tracking log out
So what are you waiting for? Improve the security of your apps by giving your users a chance to protect their accounts if suspicious behaviour is detected.
If you have any questions about getting started with ThisData, how it works or how to build secure apps let us know. We'd love to help.