
Two Users Login with same UserID

A.M
Hi,

I am using WebForms authentication.

What would be the best way to prevent two people from logging in with the
same userID at the same time?

Thanks,
Alan
Nov 18 '05 #1
"A.M" <no*****@online.nospam> wrote in
news:eL*************@TK2MSFTNGP11.phx.gbl:
> What would be the best way to prevent two people from logging in with the
> same userID at the same time?


Flag the user as "logged in" in the database during Form Authentication.

In the Session_OnEnd event in the global.asax, unflag the user id.

But be careful - sessions last ~20 minutes... so if a user leaves the site
by accident, the user may be blocked from reaccessing the site for 20+
minutes (depending on your session timeout value).

You could add additional logic to check IP addresses, cookies, etc. to make
the flagging more robust and allow a user who did not log out properly to
return and re-login.
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Nov 18 '05 #2
Hi Alan,

Since you're using FormsAuthentication in an ASP.NET web application, yes?
Then, as for preventing multiple logins on the same user account, here are
some of my understandings:

1. Generally, such a problem needs us to manage a lookup table on the
server side. It contains all the active users who have logged in to the web
application. Then, when a user logs in, if this account hasn't been logged in
the active user table, we do the normal login operation; if it exists, we
prevent him from logging in.

2. Then, the important thing we need to do is capture when a user logs in
and when he has left (logged out). ASP.NET forms authentication will
generate an authentication token to identify a user who has logged in, and the
token is by default stored in a client-side cookie. Then every time the
user visits pages in the web application, the token will be passed
within the request's cookie collection to the web server so that the
server side can check whether the user is authenticated.

So as for your scenario, I think we first need to provide a server-side
lookup table in the application's shared memory. Then, when a user logs in
for the first time, we add an identity into the table (it needs to contain
his account ID and also his session ID).
Also, in every request's Authentication_Request event (you can hook it in
the Global object or an HttpModule), we need to check the FormsAuthentication
cookie to see whether the user is still active; if the token does not exist,
we need to remove the item from the lookup table.

Here are some references on ASP.NET FormsAuthentication and ASP.NET request
processing:

#Forms Authentication Provider
http://msdn.microsoft.com/library/en...ookieauthenticationprovider.asp?frame=true

#Securely Implement Request Processing, Filtering, and Content Redirection
with HTTP Pipelines in ASP.NET
http://msdn.microsoft.com/msdnmag/is...s/default.aspx

I think they'll also be helpful. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #3
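
One way to build the server-side lookup table both replies describe, added here as an example and not code from either poster: each entry carries the session ID and a last-seen time, so an entry left behind by a user who never logged out stops blocking once the idle timeout passes. The class and member names are hypothetical, and the current time is passed in as `nowUtc` so the expiry logic can be exercised directly.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; ActiveLoginTable and its member names are hypothetical.
public sealed class ActiveLoginTable
{
    private sealed class Entry { public string SessionId; public DateTime LastSeenUtc; }
    private readonly Dictionary<string, Entry> _active =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly TimeSpan _idleTimeout;
    public ActiveLoginTable(TimeSpan idleTimeout) { _idleTimeout = idleTimeout; }

    // After the password check: false means another live session holds the account.
    public bool TryLogin(string userId, string sessionId, DateTime nowUtc)
    {
        lock (_active)
        {
            Entry e;
            bool heldByOther = _active.TryGetValue(userId, out e) && e.SessionId != sessionId
                               && nowUtc - e.LastSeenUtc < _idleTimeout;
            if (!heldByOther) _active[userId] = new Entry { SessionId = sessionId, LastSeenUtc = nowUtc };
            return !heldByOther;
        }
    }

    // On every authenticated request: false means this session no longer owns the entry.
    public bool Touch(string userId, string sessionId, DateTime nowUtc)
    {
        lock (_active)
        {
            Entry e;
            bool owner = _active.TryGetValue(userId, out e) && e.SessionId == sessionId;
            if (owner) e.LastSeenUtc = nowUtc;
            return owner;
        }
    }

    // On logout or session end: only the owning session may clear the entry.
    public void Logout(string userId, string sessionId)
    {
        lock (_active)
        {
            Entry e;
            if (_active.TryGetValue(userId, out e) && e.SessionId == sessionId) _active.Remove(userId);
        }
    }
}
```

In an ASP.NET application a single instance would live in a static field, with `TryLogin` called after credential validation, `Touch` from the per-request authentication event, and `Logout` from the sign-out handler and `Session_OnEnd`. When `Touch` returns false the request belongs to a session that has been superseded or cleared, and the caller can sign it out.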
