ASPNET身份避免同时登录同一账号 [英] aspnet identity avoid simultaneous login same account

问题描述

我正在寻找，但我无法找到一个答案：不ASPNET身份提供，以避免同一帐户登录的同时单向

I was searching but I could not find one answer to this question: does aspnet identity provide one way to avoid simultaneous login from the same account?

推荐答案

标识不具有一个内置的方式来跟踪同时登录，但你可以做一个变通办法：每次用户登录项，设置身份验证之前， -cookie，改变用户的 SecurityStamp 按等待userManager.UpdateSecurityStampAsync（user.Id）;

Identity does not have a built-in way to track simultaneous logins, but you can do a work-around: every time user logs-in, before setting auth-cookie, change user's SecurityStamp by await userManager.UpdateSecurityStampAsync(user.Id);

和确保你有这部分在 Startup.Auth.cs ：

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(5),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });            

这样，每次用户登录，因为用户SecurityStamp改变所有其它的会话将失效。和 validateInterval 来一个足够低的值，因此其他的auth-Cookie可以无效很快。

This way every time user log-in, all other sessions will be invalidated because the SecurityStamp on user is changed. And the validateInterval to a low enough value, so other auth-cookies can be invalidated soon enough.

这篇关于ASPNET身份避免同时登录同一账号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！