
How to prevent multiple logins from the same user in asp.net

Preventing a User From Having Multiple Concurrent Sessions in asp.net


We implemented a system for this along the following lines:
  • Added a property to the user's Profile to hold their session ID.
  • Whenever a user logs in, store their session ID in the Profile.
  • On any page that requires this level of security, check whether the session ID stored in the profile matches the user's current session, and if it does not, redirect them to the login page. This check could be performed in a custom AuthorizeRequest event handler, or in a base class that these pages derive from.
We went for the base class option as we have two levels of authentication:
  1. The user has a cookie token to prove that they have logged in at some point in the past - this is fine for showing them restricted site content.
  2. The user has actually provided their login details this session - this is required when showing them any personal details (email addresses, preferences, saved job searches, etc).
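
The base-class check described above could look like the following. This is an added example, not code from the original post; the profile property name ActiveSessionId, the session key and the class names are assumptions made for illustration.

```csharp
// Added example, not from the original post. Assumes web.config declares a
// string profile property with the hypothetical name "ActiveSessionId":
//   <profile><properties><add name="ActiveSessionId" type="System.String" /></properties></profile>
using System;
using System.Web;
using System.Web.Profile;
using System.Web.Security;
using System.Web.UI;

public static class SingleSessionGuard
{
    private const string ProfileKey = "ActiveSessionId"; // hypothetical property name
    // Call from the login page once the credentials have been validated.
    public static void RecordLogin(HttpContext context, string userName)
    {
        // Writing to Session pins the ID; until the session is used, ASP.NET
        // can issue a new SessionID on every request and the check would never match.
        context.Session["LoggedInThisSession"] = true;

        ProfileBase profile = ProfileBase.Create(userName);
        profile.SetPropertyValue(ProfileKey, context.Session.SessionID);
        profile.Save();
    }

    // True only when this request's session is the one recorded at the last login.
    public static bool IsCurrentSession(HttpContext context)
    {
        if (context.User == null || !context.User.Identity.IsAuthenticated) return false;
        var stored = context.Profile.GetPropertyValue(ProfileKey) as string;
        return !string.IsNullOrEmpty(stored)
            && string.Equals(stored, context.Session.SessionID, StringComparison.Ordinal);
    }
}

// Pages that show personal details derive from this class instead of Page.
public abstract class SingleSessionPage : Page
{
    protected override void OnPreInit(EventArgs e)
    {
        if (!SingleSessionGuard.IsCurrentSession(Context))
        {
            // RedirectToLoginPage does not end the request on its own, so End()
            // is called to stop the protected page from rendering into the 302 body.
            FormsAuthentication.RedirectToLoginPage();
            Response.End();
        }
        base.OnPreInit(e);
    }
}
```

Because the newest login overwrites the stored ID, the earlier session fails the comparison on its next request to a protected page, which is the lock-out behaviour the post describes.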
The main issues you'll find with almost any system:
  1. Using the user's IP address is unreliable - corporate users, those behind proxies, etc, often share an IP address, so would "appear" to be the same user.
  2. Relying on a user to log out is unreliable - the user's computer/browser might crash, not giving them the opportunity to log out, and the user can/will forget to log out.
  3. Relying on session time-outs is unreliable - if you're not using InProc sessions, the SessionEnd event never fires; if your server crashes, the event isn't called, etc.
The issues you'll find with a solution like mine are:
  1. It doesn't stop the second user logging in - instead it will lock out the first user, which should discourage sharing of details in the first place.
  2. If you don't implement this as an AuthorizeRequest handler, you have to remember to perform the check on the pages that should be locked down.
Responding to comment
In response to your specific queries:
  1. The default Profile Provider stores the data in the same SQL database as the membership provider (the tables are created along with the membership and roles tables). If you were to store it "in the cache" this would need to be the global application cache, along the lines KMan suggests in option 2 - and as pointed out in the comments, you'd need to build a time-out for this, and that leads back to the issue of reliably determining this.
  2. The user doesn't log out: This is handled in our system by not locking out future users, but by locking out previously logged-in users - so:
    • Alice comes to the site, logs in, starts browsing.
    • Bob comes to the site, and logs in with Alice's details, starts browsing.
    • Alice tries to continue browsing, is locked out, has to log in again.
    • Bob is now locked out.
    • etc.
At its most basic, this won't stop the users sharing their logins, but will cause them annoyance, forcing them to keep logging in. If you need to you can add a delay to the login process - so if a different session id attempts to log into the site within the session time-out (defaults to 20 minutes) or some other time, say based on the average time a user spends on a page, then deny the login attempt.
