stackoom
  简体   繁体   中英

How to restrict user from same Username and Password to logic from two system/browser in asp.net mvc 4.0?

 原文  2013-11-14 06:10:44       c#/ asp.net-mvc/ security

Question

I've created a asp.net mvc4 web site. I've implemented Form authentication also. In this web site i want to block access to my web site client in a same time (if a client of my website is already open his or her account in a computer then that client can not get any permission to open that same website on the same time in other computer or any other browser of the same system).

I want to provide one paid service to user, and I don't want him to just share his username and password with many people to use my service simultaneously without paying for it. please help me soon

How can I implement this. do i need to maintain some login information in database or is there any built in tool available for this.

3 answers

solution1
 3  2013-11-15 12:19:33

To my knowledge there is nothing built in, but you may be able to implement your own version of the ASP.NET authorization providers .

Upon successful login you would need to store the value of the FormsAuthenticationTicket in your database and associate it to your user record.

On every page load you would need to check the value of the ticket against the database record for that user. In case of mismatch the user would be logged out.

Using this approach if User A and User B were using the same credentials, User A was logged in and if User B then logged in, it would invalidate User A's session and they would not be able to view content at the same time. You could also log the activity when a session is overridden, along with IP address and User Agent to help you identify users that are sharing account details.

solution2
 1 ACCPTED  2013-11-14 06:17:31

This feature is not built in.

I would add an "IsLoggedIn" bit column to my "User" table. Then you could check this column to see if the user should be allowed in.

The problem is going to be knowing when that flag should be set to false. It's easy enough to set the flag to false if the user clicks "logout" or in the "on session end" event, but I think you'll run in to cases where that's not good enough. For example, if a user logs in from a laptop and the laptop's battery fails, you aren't going to get any notification from the client that the user has left...

solution3
 0  2013-11-15 12:39:52

我认为大卫已经给出了大部分的想法(+1),但是对于关闭浏览器而不注销的问题,您可以在window.unload()事件中处理它以在表中设置标志。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to restrict user from submitting contact form again and again without session from its IP address in asp.net mvc Downgrading ASP.NET MVC 5 from .NET 4.5 to 4.0 How to get the URL from browser in ASP.Net MVC 5 Application ASP.NET MVC3 - Restrict Bundle Config Code from user How to get user name and password from url in ASP.NET? How do I return two different Views from the same Action in ASP.NET MVC? ASP.NET MVC How to be logout when same user is logged in from different computer How can I transfer the database logic from my Asp.Net MVC Apllication to ASP.Net Core MVC? asp.net mvc how to bind business logic from another project to my asp.net mvc project ASP.NET MVC 4 windows authentication not working when changing the ConnectionString although both have the same username/password
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM