Our SSO login process uses Forms Authentication against a custom user store in SQL Server.
我们的SSO登录过程对SQL Server中的自定义用户存储使用表单身份验证。
One of our new security requirements is to only allow an account to have one active session at a time. So any time a user logs in, we will check to see if the login credentials are already active, and preferably prevent the new user from logging in again until the other session ends. Alternatively we could force the other session to end, if that would be easier to implement.
我们的新安全要求之一是仅允许帐户一次拥有一个活动会话。因此,每当用户登录时,我们将检查登录凭据是否已经处于活动状态,并且最好阻止新用户再次登录,直到另一个会话结束。或者,如果更容易实现,我们可以强制其他会话结束。
Is there a simple way to do this with Forms Authentication? We've considered a custom approach where we track each session in the database, but it would be a lot of work and we'd probably have to modify all of our applications to detect the session_end, which I'm hoping to avoid. I figure there has to be something in Forms Auth that handles this.
使用表单身份验证有一种简单的方法吗?我们已经考虑了一种自定义方法,我们跟踪数据库中的每个会话,但这将是很多工作,我们可能必须修改我们的所有应用程序来检测session_end,我希望避免。我认为Forms Auth中必须有一些东西来处理这个问题。
I've seen the MembershipUser.IsOnline() method, which seems ideal, but we're not using a Membership provider.
我见过MembershipUser.IsOnline()方法,看起来很理想,但我们没有使用会员提供程序。
UPDATE: Just to be clear, I do not need to check whether the current user is logged in, I need to know if somebody else is already logged in using the same account.
更新:为了清楚,我不需要检查当前用户是否已登录,我需要知道其他人是否已使用同一帐户登录。
3 个解决方案
#1
If I understood you correct, you would need to store the last activity state based on the user id.
Membership.IsOnline() is implemented by checking the LastActivityDate property persisted in the membership database.
So somewhere, you would need to track user activity.
You could maybe implement a httpmodule that updates a timestamp for user activity.
如果我理解你是正确的,你需要根据用户ID存储最后一个活动状态。 Membership.IsOnline()是通过检查成员资格数据库中持久存在的LastActivityDate属性来实现的。所以在某个地方,您需要跟踪用户活动。您可以实现一个更新用户活动时间戳的httpmodule。
#2
Try this:
System.Web.HttpContext.Current.User.Identity.IsAuthenticated
#3
If the HttpContext.Current.User property is not null then they are logged in. And Identity.IsAuthenticated is true.
如果HttpContext.Current.User属性不为null,则它们将登录。并且Identity.IsAuthenticated为true。
#1
If I understood you correct, you would need to store the last activity state based on the user id.
Membership.IsOnline() is implemented by checking the LastActivityDate property persisted in the membership database.
So somewhere, you would need to track user activity.
You could maybe implement a httpmodule that updates a timestamp for user activity.
如果我理解你是正确的,你需要根据用户ID存储最后一个活动状态。 Membership.IsOnline()是通过检查成员资格数据库中持久存在的LastActivityDate属性来实现的。所以在某个地方,您需要跟踪用户活动。您可以实现一个更新用户活动时间戳的httpmodule。
#2
Try this:
System.Web.HttpContext.Current.User.Identity.IsAuthenticated
#3
If the HttpContext.Current.User property is not null then they are logged in. And Identity.IsAuthenticated is true.
如果HttpContext.Current.User属性不为null,则它们将登录。并且Identity.IsAuthenticated为true。