我如何知道一个用户帐户中使用ASP.Net窗体身份验证已经登录? [英] How do I tell if a user account is already logged in using ASP.Net Forms Authentication?
问题描述
我们的SSO登录过程中使用窗体身份验证对一个自定义用户存储在SQL Server中。
Our SSO login process uses Forms Authentication against a custom user store in SQL Server.
我们的一个新的安全要求是只允许一个账户同时有一个活动会话。因此,用户登录任何时候,我们会检查,看看是否登录凭据已经活跃,preferably prevent再次登录,直到其他会话结束的新用户。另外,我们可能会迫使其他会话结束,如果实施会更容易些。
One of our new security requirements is to only allow an account to have one active session at a time. So any time a user logs in, we will check to see if the login credentials are already active, and preferably prevent the new user from logging in again until the other session ends. Alternatively we could force the other session to end, if that would be easier to implement.
有一个简单的方式与窗体身份验证做到这一点?我们认为,我们跟踪数据库中的每个会话的定制的方法,但它会是一个大量的工作,我们可能不得不修改所有的应用程序来检测Session_End中,其中我希望避免的。我想必须有东西在窗体身份验证处理这个。
Is there a simple way to do this with Forms Authentication? We've considered a custom approach where we track each session in the database, but it would be a lot of work and we'd probably have to modify all of our applications to detect the session_end, which I'm hoping to avoid. I figure there has to be something in Forms Auth that handles this.
我见过的MembershipUser.IsOnline()方法,这似乎理想,但我们没有使用一个成员提供者。
I've seen the MembershipUser.IsOnline() method, which seems ideal, but we're not using a Membership provider.
更新:只是要清楚,我并不需要检查当前用户是否登录,我需要知道,如果有其他人在使用相同的帐户已经登录
UPDATE: Just to be clear, I do not need to check whether the current user is logged in, I need to know if somebody else is already logged in using the same account.
推荐答案
如果我明白你改正,你需要根据用户ID存储最后一个活动的状态。
Membership.IsOnline()通过检查<一个实施href=\"http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.lastactivitydate.aspx\"相对=nofollow> LastActivityDate 财产坚持在会员数据库。
所以某处,你就需要跟踪用户活动。
也许你可以实现一个HTTP模块,更新用户活动的时间戳。
If I understood you correct, you would need to store the last activity state based on the user id.
Membership.IsOnline() is implemented by checking the LastActivityDate property persisted in the membership database.
So somewhere, you would need to track user activity.
You could maybe implement a httpmodule that updates a timestamp for user activity.
这篇关于我如何知道一个用户帐户中使用ASP.Net窗体身份验证已经登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
