diff --git a/apps/assets/views/asset.py b/apps/assets/views/asset.py
index ba490818d..5b136aa79 100644
--- a/apps/assets/views/asset.py
+++ b/apps/assets/views/asset.py
@@ -186,7 +186,7 @@ class AssetDeleteView(AdminUserRequiredMixin, DeleteView):
     success_url = reverse_lazy('assets:asset-list')
 
 
-class AssetDetailView(DetailView):
+class AssetDetailView(LoginRequiredMixin, DetailView):
     model = Asset
     context_object_name = 'asset'
     template_name = 'assets/asset_detail.html'
@@ -203,7 +203,7 @@ class AssetDetailView(DetailView):
 
 
 @method_decorator(csrf_exempt, name='dispatch')
-class AssetExportView(View):
+class AssetExportView(LoginRequiredMixin, View):
     def get(self, request):
         spm = request.GET.get('spm', '')
         assets_id_default = [Asset.objects.first().id] if Asset.objects.first() else []
diff --git a/apps/users/api.py b/apps/users/api.py
index 89ab0d129..5afc1b4c0 100644
--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -3,6 +3,7 @@ import uuid
 
 from django.core.cache import cache
 from django.urls import reverse
+from django.shortcuts import get_object_or_404
 from django.utils.translation import ugettext as _
 
 from rest_framework import generics
@@ -20,6 +21,7 @@ from .utils import check_user_valid, generate_token, get_login_ip, \
     check_otp_code, set_user_login_failed_count_to_cache, is_block_login
 from orgs.utils import current_org
 from common.permissions import IsOrgAdmin, IsCurrentUserOrReadOnly, IsOrgAdminOrAppUser
+from .hands import Asset, SystemUser
 from common.mixins import IDInFilterMixin
 from common.utils import get_logger
 
@@ -311,10 +313,16 @@ class UserConnectionTokenApi(APIView):
         asset_id = request.data.get('asset', '')
         system_user_id = request.data.get('system_user', '')
         token = str(uuid.uuid4())
+        user = get_object_or_404(User, id=user_id)
+        asset = get_object_or_404(Asset, id=asset_id)
+        system_user = get_object_or_404(SystemUser, id=system_user_id)
         value = {
             'user': user_id,
+            'username': user.username,
             'asset': asset_id,
-            'system_user': system_user_id
+            'hostname': asset.hostname,
+            'system_user': system_user_id,
+            'system_user_name': system_user.name
         }
         cache.set(token, value, timeout=20)
         return Response({"token": token}, status=201)
diff --git a/apps/users/hands.py b/apps/users/hands.py
index 56435a5a4..0792fa099 100644
--- a/apps/users/hands.py
+++ b/apps/users/hands.py
@@ -15,3 +15,4 @@
 # from users.models import User
 # from perms.models import AssetPermission
 # from perms.utils import get_user_granted_assets, get_user_granted_asset_groups
+from assets.models import Asset, SystemUser