ASP.NET prevent the same user being logged in multiple times
I have a requirement for an ASP.NET web application whereby the same user is not allowed to be logged in multiple times. I think this is to prevent people from sharing usernames and passwords.
The problem I am having is that unless a user explicitly logs out of the system it is hard to tell if he is still logged i开发者_运维百科n and using the system or not.
Hence the only reliable way I can think of to implement this is to log to database the user id, IP address and timestamp every time a user makes an interaction with the system and lock anyone else out who is not from that IP address if they try and log in within ten minutes of the last date logged in this table.
Can anyone think of a better way to manage this?
If you use ASP.NET MembershipProvider you can do something like this:
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
if (Membership.ValidateUser(Login1.UserName, Login1.Password))
{
int time = Membership.UserIsOnlineTimeWindow;
MembershipUser user = Membership.GetUser(Login1.UserName, true);
if (user != null)
{
if (user.IsOnline)
{
lblMessaggeIsOnLine.Visible = true;
e.Cancel = true;
}
else
lblMessaggeIsOnLine.Visible = false;
}
}
}
you can use SessionEnd event in global.asax if your session state mode is not SqlServer.
for example:
your config:
<sessionState timeout="15"></sessionState>
after 15min your sessionend event triggered and you can sign out user
You are right. You need to manage the user log-ins and act accordingly. Let me knonw whether you are using your own provider or using ASP.NET provider. The default provider has some options within it.
精彩评论