1

I have a requirement for an ASP.NET web application whereby the same user is not allowed to be logged in multiple times. I think this is to prevent people from sharing usernames and passwords.

The problem I am having is that unless a user explicitly logs out of the system it is hard to tell if he is still logged in and using the system or not.

Hence the only reliable way I can think of to implement this is to log to database the user id, IP address and timestamp every time a user makes an interaction with the system and lock anyone else out who is not from that IP address if they try and log in within ten minutes of the last date logged in this table.

Can anyone think of a better way to manage this?

Improve this question

3 Answers 3

Reset to default
6

If you use ASP.NET MembershipProvider you can do something like this:

    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        if (Membership.ValidateUser(Login1.UserName, Login1.Password))
        {
            int time = Membership.UserIsOnlineTimeWindow;

            MembershipUser user = Membership.GetUser(Login1.UserName, true);
            if (user != null)
            {
                if (user.IsOnline)
                {
                    lblMessaggeIsOnLine.Visible = true;
                    e.Cancel = true;
                }
                else
                    lblMessaggeIsOnLine.Visible = false;
            }
        }
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

you can use SessionEnd event in global.asax if your session state mode is not SqlServer.

for example:

your config: 

<sessionState timeout="15"></sessionState>

after 15min your sessionend event triggered and you can sign out user

Improve this answer

Comments

1

You are right. You need to manage the user log-ins and act accordingly. Let me knonw whether you are using your own provider or using ASP.NET provider. The default provider has some options within it.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.