April 28, 2016

How to add Login Intelligence to an ASP.NET MVC project

It only takes a few lines of code to get Facebook-style "Was this you?" notifications set up for your ASP.NET MVC apps. In this post we will also cover what to do when a user confirms that the suspicious behaviour was not them.

Install ThisData from Nuget

First off, fire up your MVC project and then let's jump in and install the latest ThisData NuGet package from the Package Manager console.

> Install-Package ThisData.Net

It should look something like this

Setup the client

We're going to track various events that occur around the login page so you will want to add a reference to ThisData in your AccountController.

using ThisData;

Now you want to instantiate a ThisData.Client in the AccountController constructor so that you can use it throughout the controller. This is also where you will enter your ThisData API key.

If you don't have an API key you can sign up for a free account here.

Track login attempts

We want to track both successful and failed login attempts, so we need to add the following to the relevant parts of the Login method in the AccountController.

If a login is successful we don't actually get a UserId back using the typical User.Identity.GetUserId() method as the browser has not had a chance to plant a cookie yet.

So to grab the UserId during login we need to fetch the user using UserManager.FindByNameAsync(model.Email).

You'll also notice that we're catching the failed logins by using the log-in-denied verb. In this case we don't know the user, so we omit the user details and the event will show up as coming from an anonymous user in your ThisData audit log.

How are notifications sent to my users?

Log-in events are special in ThisData as they have the ability to trigger an email or SMS notification if suspicious user behaviour is detected. These are disabled by default but can be enabled in the API Settings area of your ThisData account.

Every time you track an event we assign a risk score to it in real-time. If the event type was log-in, notifications are enabled and the score is sufficiently risky then a "Was this you?" notification is sent out to the user. We will also send notifications to your Slack account or custom webhook endpoint if you have enabled these.

If the user responds to the notification indicating that it was not them, you will get a webhook or Slack notification that you can use to kill the session or lock the account of that user.

Handling Webhooks

You can use webhooks to automate workflows in your app. The first thing you will need to do is create an endpoint for catching them. You will then set that endpoint up and specify a shared secret in the API Settings area of your ThisData account.

In this case I've created a WebhooksController with a method called ThisDataHook that accepts a POST request.

The webhook payload will contain details of the original event that triggered an alert and also a WasUser property. You can use this to determine the type of notification and decide on an action to take.
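Here is an added example of such an endpoint (it is not code from the original post or from the ThisData SDK): it checks the shared-secret signature on the raw body before trusting the payload, and when WasUser is false it locks the account and invalidates existing sessions through ASP.NET Identity. The header name, the HMAC-SHA512 hex scheme and the JSON field names other than WasUser are assumptions about ThisData's webhook format.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Newtonsoft.Json;

// Assumed payload shape: WasUser is named on the page, the nested user id is an assumption.
public class ThisDataWebhookPayload
{
    [JsonProperty("was_user")] public bool? WasUser { get; set; }
    [JsonProperty("user")] public WebhookUser User { get; set; }
    public class WebhookUser { [JsonProperty("id")] public string Id { get; set; } }
}

public class WebhooksController : Controller
{
    const string SignatureHeader = "X-Signature"; // assumed header name
    // Shared secret entered in ThisData's API Settings, stored in web.config appSettings.
    static readonly string Secret = System.Configuration.ConfigurationManager.AppSettings["ThisDataWebhookSecret"];

    ApplicationUserManager UserManager => HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

    [HttpPost, AllowAnonymous]
    public async Task<ActionResult> ThisDataHook()
    {
        string body;
        Request.InputStream.Position = 0;
        using (var reader = new StreamReader(Request.InputStream, Encoding.UTF8)) body = reader.ReadToEnd();

        // Reject anything not signed with the shared secret before parsing it.
        if (!IsValidSignature(body, Request.Headers[SignatureHeader])) return new HttpStatusCodeResult(401);

        var payload = JsonConvert.DeserializeObject<ThisDataWebhookPayload>(body);
        // Only act when the user explicitly answered "this was not me".
        if (payload?.WasUser == false && !string.IsNullOrEmpty(payload.User?.Id))
        {
            // A new security stamp ends existing sessions once the cookie revalidates
            // (every 30 minutes in the default template); lockout blocks new logins.
            await UserManager.UpdateSecurityStampAsync(payload.User.Id);
            await UserManager.SetLockoutEnabledAsync(payload.User.Id, true);
            await UserManager.SetLockoutEndDateAsync(payload.User.Id, DateTimeOffset.MaxValue);
        }
        return new HttpStatusCodeResult(200);
    }

    static bool IsValidSignature(string body, string hexSignature)
    {
        if (string.IsNullOrEmpty(hexSignature) || string.IsNullOrEmpty(Secret) || hexSignature.Length % 2 != 0) return false;
        byte[] given;
        try { given = Enumerable.Range(0, hexSignature.Length / 2).Select(i => Convert.ToByte(hexSignature.Substring(i * 2, 2), 16)).ToArray(); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA512(Encoding.UTF8.GetBytes(Secret)))
        {
            var expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
            if (given.Length != expected.Length) return false;
            int diff = 0; // constant-time compare so timing does not leak the expected MAC
            for (int i = 0; i < expected.Length; i++) diff |= given[i] ^ expected[i];
            return diff == 0;
        }
    }
}
```

The endpoint returns 401 on a bad or missing signature so ThisData's retry logging shows the misconfiguration rather than silently ignoring it; `Enumerable` needs `using System.Linq;` alongside the imports above.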

Track other types of events

You can track a wide range of events from your app which is useful if you want to audit key actions for compliance or just general interest.

e.g. Tracking log out

So what are you waiting for? Improve the security of your apps by giving your users a chance to protect their accounts if suspicious behaviour is detected.

If you have any questions about getting started with ThisData, how it works or how to build secure apps let us know. We'd love to help.
