Please enable JavaScript to view this site.

Navigation: Using ASPRunner.NET > Security

Audit and record locking

Scroll Prev Next More

Locking and Audit

The Audit trail window allows you to configure logging options and record locking on the Edit page.

 

Press the Locking and Audit button on the Security screen to open the Audit trail popup.

security_audit_locking

 

Audit settings

security_audit_settings

 

The Audit settings is a section dedicated to logging.

 

A log is a record of user actions like login/logout/adding/editing/deleting records. The logging is disabled by default.

 

To enable logging, select one of the options:

 

Log to database. Select a table to store the log or create a new one. You can set the name for the new table.

Log to file. Enter the log File name, for example, audit.log. By default, the log files are saved to the root folder of the project. You can enter the File name as <folder>/<file name> to change the location of the log file. For example, if you set the File name to log/audit.log, the log files will be saved to the %root folder of the project%/log.

 

Note: ASPRunner.NET creates new log files each day, so the log file names look like this: %file_name%_yyyymmdd.log.

 

You can also select the Log login/logout actions and Lock user account after three unsuccessful logins checkboxes to enable the corresponding actions.

 

Note: the Lock user account after three unsuccessful logins option is available only if you selected Log to database.

 

Select the tables to which to apply the modifications or field values logging in the Table modifications section.

 

Here is an example of a log file:

 

Date                Time                IP                User        Table                Action        Key        field        Field Old value        Field New value

Jul 23,2019        18:13:56        127.0.0.1        user        carsusers        login

Jul 23,2019        18:14:20        127.0.0.1        user        carsbcolor        edit        25        color        Simple Black                Full Black

Jul 23,2019        18:14:44        127.0.0.1        user        carsbcolor        add        26        color                                Basic White

Jul 23,2019        18:14:44        127.0.0.1        user        carsbcolor        add        26        rgb                                #FFFFFF

Jul 23,2019        18:14:44        127.0.0.1        user        carsbcolor        add        26        OwnerID                        3

Jul 23,2019        18:14:53        127.0.0.1        user        carsusers        logout

Jul 23,2019        18:14:55        127.0.0.1        admin        carsusers        login

Jul 23,2019        18:14:59        127.0.0.1        admin        carsusers        logout

 

Note: to analyze information from the log table, you can add a report or chart to your project, or use the online report/chart builder.

Table modifications

security_audit_table_modifications

 

This is the section where you can fine-tune the logging and record locking.

 

Select the corresponding checkboxes to enable logging modifications, logging field values, or record locking for the tables of your choosing.

Record locking

security_audit_locking_settings

 

This section allows you to enable the record locking to prevent situations when users simultaneously edit the same record. While one user is editing the record, it becomes locked, so other users can't change it. The record locking is disabled by default.

 

To enable record locking, select the Enable locking checkbox. You also need to choose an existing table to store the locking data or create a new one. You can set the name for the new table.

 

Select the tables to which to apply the record locking in the Table modifications section.

 

ASPRunner.NET shows the following message to any user who tries to edit the locked record:

security_audit_locking_user

 

Note: administrators can unlock the record (the user receives a message, that admin aborted the edit session) or edit it (the user receives the standard message):

security_audit_locking_admin

Auto unlocking

If a user goes to the Edit page and then clicks Back in the browser, the record remains blocked. To prevent this, ASPRunner.NET utilizes an automatic unlocking method. By default, the record is unlocked after 550 seconds. You can change this value by editing two parameters in the file include/locking.asp:

 

public dynamic ConfirmTime = XVar.Pack(250);
public dynamic UnlockTime = XVar.Pack(300);

 

The variable ConfirmTime determines the interval (in seconds) between requests for confirmation that the user hasn't left the Edit page (i.e., checking if the record is still locked).

 

The variable UnlockTime determines the time (in seconds) after a failed confirmation when the record is unlocked automatically.

Security screen articles:

Security screen

Login form appearance

Two-factor authentication

Registration and passwords

Advanced security settings

User group permissions

Dynamic permissions

Encryption

Session keys

Active Directory

Facebook connect

Sign in with Google

CAPTCHA on authentication pages

See also:

Security API

Datasource tables screen

Miscellaneous settings

Page Designer

Event editor