Log IP on exsisting ASP.NET solution

Helle EE,

We have some external developers to develop our web application. I have handed over an assigned and got an estimate that seems surrealistic high!
The task is (just) to enable IP logging on our users when logging in on your website with user name and password. A user can not register through the website but gets created in Navision and replicated to MS SQL DB.

Our application is written in ASP.net and based on the developers/vendors  CMS/e-Commerce system. Right now the system is fully functional and in production.
I was pretty surprised that it wasn't standard in their out-of-the-box product.  

However I would like to hear you guys opinion on how long this kind of task should take?  

//Mads...
MadsingAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WesWilsonCommented:
I added logging of logins into a SQL Server database (username, timestamp, and IP address) to our asp.net login page a few months ago at my company. 8 hours should be plenty of time. The code-behind can access the IP in the Request.UserHostAddress variable. It's a pretty simple feature to write.
0
Anthony PerkinsCommented:
>>The code-behind can access the IP in the Request.UserHostAddress variable. It's a pretty simple feature to write. <<
Absolutely.  Just don't raise your hopes that this result will be very meaningful.
0
WesWilsonCommented:
ACPerkins, if all Madsing is trying to do is log IP addresses, what would be the problem with getting them from Request.UserHostAddress? It's worked consistently for me....

Thanks!
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

MadsingAuthor Commented:
Yes, could you please be more specific?
0
Anthony PerkinsCommented:
>>It's worked consistently for me....<<
I never said it did not work.  Quite the opposite.  What I stated was that it may not be very meaningful.  In our specific case (and I believe that is true for many sites) the website is behind a proxy, so all UserHostAddress will get for you is the IP address for your proxy, over and over again.  My understanding is that there are workarounds and you should explore those also if this is your case.
0
WesWilsonCommented:
Ok. Right. Everybody at my house who connects to the site will appear to have the external IP of my modem. Everybody at my office who connects will appear to have the external IP of the office firewall.

For an internal application, you will get user's local IP addresses. For outside clients, you will get the IP of their router/modem/firewall, which won't be machine-specific within their organization.

Thanks for the clarification. To me this is expected behavior for IP logging, but it depends on what Madsing wants to use it for. Anyway, I would stick with an 8-hour estimate as being very conservative. (I think the question is more about a time estimate for the feature than implementation details.)

Thanks,
Wesley
0
MadsingAuthor Commented:
Yes, thanks both of you. But lets forget about the proxy problem for a moment. The developer also says it would be a good idea to fetch the IP at the login and a couple of other onClick events (confirm order, save profile etc) after you are logged in.
For me it seems unnecessary, cause it is still the same user session right?.  - Am I wrong?

Regarding the debate: the users are all external. The purpose for the IP logging is just to have extra security and information about the activity on our e-Shop.

Do you guys maybe have or know about a tutorial or complete simple example done in asp.net that shows how to log the IP, userID and timeStamp into a table on a MS SQL server?  

//Mads...

 
0
WesWilsonCommented:
I agree that getting the IP at login should be enough. I could also see an argument for recording the IP for events that would be legally significant, such as when the user agrees to your terms and conditions or confirms an order. Having the IP address and timestamp might be helpful if you ended up in a lawsuit with them.
0
MadsingAuthor Commented:
Yes that is exactly why we are implementing this. Just as a precaution!!
I am just wondering that if the user are logged in and the IP is fetched at the login and then user is clicking around on the after-login level it is not possible to change IP during or what?

//Mads...  
0
Anthony PerkinsCommented:
>>For outside clients, you will get the IP of their router/modem/firewall, which won't be machine-specific within their organization.<<
No, that is not what I meant.  In a website behind a proxy or a router the IP address will be the IP address of the proxy or router and not the IP address of the client.  So no it will not the "the IP address of their router/modem/firewall", but rather your own proxy.  This is why it is totally meaningless.  Again, their are workarounds for that, if you are interested, but you are right, it goes beyond the scope of this question.

0
WesWilsonCommented:
It would be unusual for an IP address to change during a session, but it might be possible, especially for people using mobile devices. I'm not sure on that.

Still, I think logging an IP at the time of a contractual agreement (like placing an order) could be helpful, because the user could argue that he had logged in, walked away from the computer, but then someone else came along and confirmed the order. Far-fetched? Probably. But it wouldn't hurt to be able to give more detail.

Ultimately, you're the customer and you understand the business case and any legal risks better than the developer. If you only want IP logging at login, the developer needs to do the work you want him to do, instead of stretching it into additional features that you don't want to pay for. I'm saying this as a developer who occasionally does some contract work myself.
0
MadsingAuthor Commented:
Thank you both for the contribution. I managed to create a test asp.net site where it saves the IP and browser type in an SQL server table. It took me about an hour.
I know that our web application is more complex, but the principle is the same though! That was also the reason for the question when the developer estimated 25 hours for logging the IP!? 3-4 places on the site.
It seems completely over the top with that amount of hours?!

I agree that logging at login and at the time of the actual contractual agreement is a good idea.

But 25 hours...come on!

//Mads...
0
WesWilsonCommented:
Yeah, 25 hours seems ridiculous. I understand there needs to be time for testing, and adding the logging at all the right places in the current code may take some work, especially if he's unfamiliar with the application. If he's quite familiar with the application, 25 hours reflects either a very padded estimate or a developer who is very unsure of how to do it--and for something this simple, that's hard to believe unless he's a very new developer or intern.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MadsingAuthor Commented:
Some developer who has build the entire application!! Just makes me shake about all previews hours spent :)

Thanks for the feedback Wilson!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.