访问Web ASP .NET应用程序的用户数量限制 [英] Limit number of users accessing a web ASP .NET application

问题描述

如何限制用户数量到Web应用程序。

How do I limit the number of users to a web application.

您可能希望限制Web应用程序只处理说20的用户在同一时间。我们公司销售基于多个许可证的申请，但我们不能确定的行为可能是一个Web应用程序是什么。

You may want to limit the web app to only handle say 20 users at a time. Our company sells applications based on a number of licenses, but we are not sure what the behaviour could be in a web app.

我见过一些建议，说你可以标志一个用户帐户作为的loggedIn = TRUE当用户已登录，然后每一个新的成功的登录尝试的检查的loggedIn =真的记录数。如果它超过了界限，则用户将被拒绝。

I have seen some suggestions saying you can flag a user account as "LoggedIn = True" when a user has logged in. Then each new successful login attempt checks the number of "LoggedIn = True" records. If it exceeds the limit, then the user is rejected.

如何将意外被输入在这种情况下，如何处理？如果：

How will unexpected input be handled in this case? What if:

• 的用户不点击注销，并关闭浏览器


• 浏览器崩溃，用户没有得到一个机会做注销


• 网络连接断开，在客户端上电熄灭等等等等。

以上所有仍然有的loggedIn =真标志设置，贡献的登录用户数。这可能会无意中阻挡正版验证的用户。

All the above will still have the "LoggedIn = True" flag set and contribute to the number of logged in users. This may unintentionally block out genuine authenticated users.

我要寻找更多可能的话ASP.NET的解决方案。

I am looking more for ASP.NET solutions if possible.

推荐答案

假设你的用户身份验证是某种基于会话，那么答案，所有的意外的情况下（这实际上将成为常态 - 人们似乎很少注销Web应用程序），将是那些用户插槽成为自由时，会话超时。所以，你需要调查您的应用程序的使用模式。如果你得到了很多人几分钟的登录，但没有比这更多，那么30分钟的会话超时将意味着很少有人真正得到使用的应用程序。

Assuming your user authentication is somehow session based, then the answer to all your "unexpected" cases (which will actually be the norm - people rarely seem to log out of web applications) will be that those user slots become free when the session times out. So you'd need to investigate usage patterns of your application. If you get a lot of people logging on for a couple of minutes, but no more than that, then a 30 minute session time out would mean very few people actually get to use the application.

最根本的问题是，Web应用程序本质上断开，所以你不能监视用户的网页请求之间实际上做什么。通常情况下，你会卖为特定用户这样一个应用程序的许可证（所以，如果一家公司购买了20个许可证，这将给予他们20用户名和密码）。然后，你可以肯定是由相同的用户名和密码prevent多次登录，方法是拒绝第二次登录或停用previous一（这可能是更好的方法，以防有人真正从一台机器转移到另一而没有注销为您勾勒出原因）之一。

The fundamental problem is that web applications are inherently disconnected, so you can't monitor what a user is actually doing between requests for a page. Normally, you'd sell licences for such an application for specific users (so if a company buys 20 licences, that would give them 20 user names and passwords). Then you could certainly prevent multiple logons by the same user name and password, by either refusing the second logon or deactivating the previous one (which is probably the better approach in case someone has genuinely moved from one machine to another without logging off for one of the reasons you outline).

这篇关于访问Web ASP .NET应用程序的用户数量限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！