Aspx会自动注销已锁定或已禁用的用户 [英] Aspx automatically log off locked or disabled users

问题描述

我正在使用会员提供商来控制用户访问



我得到了如何超时工作。那已经到位了。



我们有一套软件，一些基于网络（aspx）和一个窗口，但这是我同事的问题^ _ ^



当用户添加到系统时，我们在4个不同的系统中创建一个帐户，并将IsActive设置为false。当他们被授予访问帐户的权限时，我们将IsActive设置为true。

编辑：当撤销用户访问权限时，我们将IsActive设置为false。

这样可以防止有人登录，但我还想踢出已经登录系统的任何用户。



目前看起来好像一旦用户登录，他们将保持登录状态他们退出或超时到期。



谷歌搜索这个没有帮助：S



欢迎任何建议。



谢谢

Andy



我尝试过：



大部分数据来自SignalR。我可以检查该阶段的用户状态，但我的同事基于Web的应用程序不使用SignalR。我正在寻找一个更典型的解决方案

Hi,

I am using Membership Providers to control user access

I get how the timeout works. That's already in place.

We have a suite of software, some web based (aspx) and 1 windows, but that's my colleagues problem ^_^

When a user is added to the system, we create an account in 4 different systems with IsActive set to false. When they are granted access to an account, we set IsActive to true.
When a users access is revoked we set IsActive back to false.
This works fine for preventing someone from logging in, but I would also like to "kick out" any user already logged into the system.

Currently it looks as though once a user has logged on, they will stay logged in until they log out or the timeout expires.

Google searching for this hasn't helped :S

Any advice is welcome.

Thanks
Andy

What I have tried:

Much of the data comes from SignalR. I can check the users status at that stage, but my colleagues web based app doesn't use SignalR. I am looking for a more typical solution

推荐答案

因此，每次创建用户时，您都希望将所有人都记录下来？对我没有意义。另外你为什么要把人们记录下来？这有什么好处？



无论如何，如果你登录的是由cookie决定的，你不能在人们的机器上更新cookie，除非他们正在制作一个请求到您的网站。所以基本上你不能记录下来。您需要提出一些机制来定义不应该保留其身份验证的机制，并在每次向站点发出请求时检查用户是否在该列表上，如果是，请在此时将其注销。

So every time a user is created you want to log everyone out? Doesn't make sense to me. Also why do you want to log people out? What is the advantage of that?

Regardless, if you are logged in is dictated by cookies and you can't update the cookies on people's machines unless they are making a request to your site. So basically you can't log people off. You'll need to come up with some mechanism that defines whose authentication should not be persisted, and on every request to the site check if the user is on that list and if so log them off at that point.

这篇关于Aspx会自动注销已锁定或已禁用的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！