ASPNET身份避免同时登录同一账号 [英] aspnet identity avoid simultaneous login same account
问题描述
我正在寻找,但我无法找到一个答案:不ASPNET身份提供,以避免同一帐户登录的同时单向
I was searching but I could not find one answer to this question: does aspnet identity provide one way to avoid simultaneous login from the same account?
推荐答案
标识不具有一个内置的方式来跟踪同时登录,但你可以做一个变通办法:每次用户登录项,设置身份验证之前, -cookie,改变用户的 SecurityStamp
按等待userManager.UpdateSecurityStampAsync(user.Id);
Identity does not have a built-in way to track simultaneous logins, but you can do a work-around: every time user logs-in, before setting auth-cookie, change user's SecurityStamp
by await userManager.UpdateSecurityStampAsync(user.Id);
和确保你有这部分在 Startup.Auth.cs
:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(5),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
这样,每次用户登录,因为用户SecurityStamp改变所有其它的会话将失效。和 validateInterval
来一个足够低的值,因此其他的auth-Cookie可以无效很快。
This way every time user log-in, all other sessions will be invalidated because the SecurityStamp on user is changed. And the validateInterval
to a low enough value, so other auth-cookies can be invalidated soon enough.
这篇关于ASPNET身份避免同时登录同一账号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!