
ASP.NET Identity Concurrent Logins

I have an ASP.NET Web Forms application. This application is not something that will be used internally, but rather will get installed on a server and sold to customers who will use it internally.

So with that, we have limited the number of users that can access it (different packages: 10, 25, 50, or unlimited). The problem is, however, that with ASP.NET Identity, concurrent logins are allowed. This means if a customer has a 10-user system, they could all log in as the same user, and have effectively unlimited user access. So if "Dave" logged in as Dave, then Jim could log in as Dave, as could Bob, John, Stacey, and any number of people.

What I'm missing is a way to force concurrent logins to log out, if the same user. So if Bob tries to log in as Dave, then Dave (the original login) gets logged out.

I found a couple of examples that somewhat work around the issue, but they were a little dated, and were for MVC.

I was able to solve the issue by utilizing cookie authentication and an asynchronous method to update the security stamp.

Basically, the user's login information is stored in a cookie, which gets validated on every page load. When someone else logs in with the same username (or the same user logs in with a different browser), it updates the security stamp (causing invalidation for anyone currently logged in) and then proceeds to log the user in, using the updated stamp. On the login screen, my "Login" button's LogIn event is:

protected async void LogIn(object sender, EventArgs e)

Then below in the body of the method, we have:

await signinManager.UserManager.UpdateSecurityStampAsync(user.Id);
await signinManager.PasswordSignInAsync(Username.Text, Password.Text, true, false);
Response.Redirect("~/Default.aspx");

This will ensure that every time a user logs in, their SecurityStamp is updated and stored in the database. And as long as the user goes back to the site in the same browser, then their login will be persisted. However, if any user comes behind them in a different browser and logs in using their same credentials, then the first account will be logged out.
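An added example, not the answerer's code: the cookie-side security stamp check this approach depends on, plus a variant of the login handler that verifies the password before rotating the stamp, so a failed login attempt cannot sign the real user out. ApplicationUserManager, ApplicationSignInManager, ApplicationUser.GenerateUserIdentityAsync, the /Account/Login path and the CreatePerOwinContext registrations are assumed from the standard Visual Studio Identity template.

```csharp
using System;
using System.Web;
using System.Web.UI;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Startup.Auth.cs: re-check the cookie's security stamp against the database.
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Assumed: the template's app.CreatePerOwinContext(...) registrations run before this.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // TimeSpan.Zero validates on every request (one extra database read each);
                // a longer interval lets a superseded session live until the next check.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.Zero,
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
    }
}

// Login.aspx.cs (the @Page directive needs Async="true" for an async handler).
public partial class Login : Page
{
    protected async void LogIn(object sender, EventArgs e)
    {
        var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
        var userManager = signinManager.UserManager;
        // Verify the password first, so a failed attempt never rotates the stamp.
        var user = await userManager.FindByNameAsync(Username.Text);
        if (user == null || !await userManager.CheckPasswordAsync(user, Password.Text))
            return; // show the page's usual "invalid login" message here
        await userManager.UpdateSecurityStampAsync(user.Id); // invalidates older cookies
        var result = await signinManager.PasswordSignInAsync(Username.Text, Password.Text, true, false);
        if (result == SignInStatus.Success) Response.Redirect("~/Default.aspx");
    }
}
```

Without the OnValidateIdentity hook the stamp stored in an existing cookie is never compared with the database, and the template's default 30-minute interval would leave the earlier session usable until its next check.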
