
User Login technique C# Win App

Hi, I am doing an ERP solution as a C# (2.0) Windows application with a SQL 2005 database. The network application communicates through the database. I used the normal technique for user login and logout, keeping a status bit. My problem is that when my application is interrupted for any other reason, the user status might not change. That will mean the user can't log in the next time. How can I solve this problem? Could you give any new technique for user manipulation?

How about keeping track of user logins by maintaining a session for each login? The quick-and-dirty solution is to then offer an option to have them log in from a "new location" and invalidate the old session. Then when you go to perform an operation, first check if the session is still valid.

The better implementation is to keep the session alive and specify a timeout (i.e. if the session is x minutes old, invalidate it). Then you won't see "phantom logins" from old orphaned connections - they automatically expire.

There are two common answers here:

  • if you try to log in, and are already logged in, offer to break (reset) the existing login
  • use a polling/timeout - i.e. have the app call a method every 2 minutes (for example) that updates a "last heard from"; if you haven't heard from somebody in 5 minutes (for example), then clear the flag
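The timeout idea from the two answers above (invalidate a session that is x minutes old; clear the flag when nobody has been heard from for 5 minutes), as an added T-SQL example that is not part of the original posts. The table, procedure and parameter names are assumptions, and the session token is a per-login value from NEWID().

```sql
-- Added example for SQL Server 2005+ (SSMS or sqlcmd; GO separates batches).
-- Temp objects are used so the demo leaves nothing behind; all names are assumptions.
CREATE TABLE #user_session (               -- one row per account
    staff_name    NVARCHAR(50)     NOT NULL PRIMARY KEY,
    session_token UNIQUEIDENTIFIER NULL,   -- NULL means logged out
    last_heard    DATETIME         NULL    -- server clock (UTC), never the client's
);
GO
-- Login, called only after the password check has passed. The single UPDATE is
-- atomic, so two clients racing for one account cannot both obtain a session.
CREATE PROCEDURE #claim_session
    @staff_name NVARCHAR(50), @timeout_min INT, @token UNIQUEIDENTIFIER OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET @token = NEWID();
    UPDATE #user_session
       SET session_token = @token, last_heard = GETUTCDATE()
     WHERE staff_name = @staff_name
       AND (session_token IS NULL
            OR last_heard < DATEADD(minute, -@timeout_min, GETUTCDATE()));
    IF @@ROWCOUNT = 0 SET @token = NULL;   -- a live session exists: refuse
END
GO
-- Heartbeat, called by the client every 2 minutes. A return value of 0 means the
-- session was taken over or reset, so the client must stop and log in again.
CREATE PROCEDURE #touch_session
    @staff_name NVARCHAR(50), @token UNIQUEIDENTIFIER
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE #user_session SET last_heard = GETUTCDATE()
     WHERE staff_name = @staff_name AND session_token = @token;
    RETURN @@ROWCOUNT;
END
GO
-- Constructed sample data: alice's client crashed 10 minutes ago, bob's is live.
INSERT INTO #user_session VALUES ('alice', NEWID(), DATEADD(minute, -10, GETUTCDATE()));
INSERT INTO #user_session VALUES ('bob',   NEWID(), DATEADD(second, -30, GETUTCDATE()));
DECLARE @a UNIQUEIDENTIFIER, @b UNIQUEIDENTIFIER, @alive INT;
EXEC #claim_session 'alice', 5, @a OUTPUT;   -- stale session, eligible for takeover
EXEC #claim_session 'bob',   5, @b OUTPUT;   -- heard from 30 s ago, must be refused
EXEC @alive = #touch_session 'alice', @a;    -- heartbeat with the new token
SELECT @a AS alice_token, @b AS bob_token, @alive AS alice_heartbeat_rows;
```

Logout is the same token-guarded UPDATE with session_token set to NULL, so a crashed client that never logs out simply ages past the timeout. The timestamps come from the database server, which keeps a client with a wrong or altered clock from extending its own session.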

If your intention is to disallow sharing of one username on different computers, after logging in with a valid password, log the unique token of that computer to staff.last_logged_at = @unique_token. On logout, set staff.last_logged_at = ''. This way, even if the computer was interrupted (program crash due to a virus, or the reset button of the computer was accidentally pressed, etc., hence last_logged_at was not reset to ''), the user can still log in; just check if the token of the computer the user is currently logging in from is the same as last_logged_at. If it is the same, he/she can still log on.

If some user tries to log in using the username of another user, just check if the machine token of that user's computer is the same as the other user's last_logged_at; if it is not equal, disallow logging in, as it means two users share the same password.

Now the scenario where the computer crashes really hard (processor melts, hard disk crash, OS needs reinstalling, etc.). The user must be allowed to use other computers. Make an administrative module that can reset the last_logged_at of the user.

For @unique_token, just use anything that is unique and permanent on a computer, let's say the MAC address, or hash anything from the OS settings.

pseudo code:

Logging In:

if (select count(*) from staff where staff_name = @staff_name and password = 'correct' and (last_logged_at = '' or last_logged_at = @unique_token) ) <> 0 then
    -- allow login
    update staff set last_logged_at = @unique_token where staff_name = @staff_name
else if (select count(*) from staff where staff_name = @staff_name and password = 'correct' and last_logged_at <> @unique_token) <> 0 then
    -- disallow login
    throw exception "You cannot use the same user name on two or more computers.   Contact the administrator if you have any concerns"
else
    -- disallow login
    throw exception "Wrong password"
end if

Logging Out:

update staff set last_logged_at = '' where staff_name = @staff_name

Why limit the number of times a user can log in? In Windows it is common to start multiple instances of an application.

I must admit, in my Windows app there is also a part where only one user is allowed. To see if other users are connected I use something like the polling algorithm from Marc, with an option to force the entry.

An update of the lock record once every minute or two is not that resource intensive (unless you have thousands of users).
