Global OnLoggedIn event in ASP.net?

Question

Is there a way to be notified when a user becomes logged in with an ASP.net website?

Note: A user can become logged in without visiting a "login page". If the "remember me" cookie exists, they can hit an arbitrary page and be logged in.

When a user is logged in i want to fetch some session related information.

Note: There is the Login.LoggedIn event. Problem is that that control doesn't exist on every page; and the one page it is present on (Login.aspx) doesn't call OnLoggedIn event.

In the same way that Global.asax has a global On Session Start notification:

void Session_Start(object sender, EventArgs e) 
{
}

i assume somewhere there's a On User Logged In notifiation:

void LoggedIn(object sender, EventArgs e)
{
}

Bonus Reading

• OnLoggedIn event on Login page ASP.NET
• Run custom code on login
• MDSN Logon.OnLoggedIn event
• How to update last login date if “Remember Me” set?

Answer 1

I think you don't have a unique place to do that. In my case (MVC + log4net) I use this:

• In Global.asax I check for authenticated users with pre-existing cookie.

  protected void Session_Start()
  {
      string ip = HttpContext.Current.Request.UserHostAddress;
  
      log.InfoFormat("Starting session: {0} from {1}.",Session.SessionID, ip);
  
      if ((HttpContext.Current != null) &&
          (HttpContext.Current.User != null) &&
          (HttpContext.Current.User.Identity.IsAuthenticated) )
      {
          string user = HttpContext.Current.User.Identity.Name;
          string type = "Cookie";
  
          log.InfoFormat("User {0} logged in with {1}.", user, type);
      }
  
  }
  

• In my Account controller I check for local logins (I'm using Internet Application Template from MVC4, but you can do this in your Login.OnLoggedIn if you're using Web forms)

  [HttpPost]
  [AllowAnonymous]
  [ValidateAntiForgeryToken]
  public ActionResult Login(LoginModel model, string returnUrl)
  {
      if (ModelState.IsValid && WebSecurity.Login(model.EMail, model.Password, persistCookie: model.RememberMe))
      {
          string user = model.EMail;
          string type = "Forms";
  
          log.InfoFormat("User {0} logged in with {1}.", user, type);
  
          return RedirectToLocal(returnUrl);
      }
  
      // If we got this far, something failed, redisplay form
      ModelState.AddModelError("", "The user name or password provided is incorrect.");
      log.ErrorFormat("Bad password or user name. User={0}", model.EMail, model.Password);
      return View(model);
  }
  

• But I need to check for OAuth logins too, like this:

  [AllowAnonymous]
  public ActionResult ExternalLoginCallback(string returnUrl)
  {
      AuthenticationResult result = OAuthWebSecurity.VerifyAuthentication(Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl }));
      if (!result.IsSuccessful)
      {
          log.Debug("External login failure.");
  
          return RedirectToAction("ExternalLoginFailure");
      }
  
      if (OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, createPersistentCookie: false))
      {
          log.InfoFormat("User {0} logged in with External {1} login. External UserID = {2}",
              Membership.GetUser(OAuthWebSecurity.GetUserName(result.Provider, result.ProviderUserId)).UserName,
              result.Provider,
              result.ProviderUserId);
  
          return RedirectToLocal(returnUrl);
      }
  
      ...
  }