ASP.NET: How to limit access to a page to just one user?

Question

How to restrict the page by accessing only one user at a time. Using asp.net can i use global.asax, is there any other way to restrict, if one user accessing the page, another user not able to access that page. we have to give message that one user is accessing the page. is it possible. can you help me or give some reference.

Answer 1

Based on this:

yeah sure, jupaol, it is depend on accounts, in my web application, one report has to approve only one user, but the approve authority having two users. if both of them accessing the same page and approve at a time, it will big mess. here i an not using database.

The problem is related with concurrency, there are several ways to face an issue like this, for example the easiest one is to use optimistic concurrency. Even when you are not using a database for this, you can emulate it.

You should be storing the result of the approvers somewhere, in order to mark the report as approved, with this in mind you should be able to do something like this:

1. Before render the page get the latest report status
2. If the report has not been approved, render normally
3. If the report was approved seconds before, render it in read-only mode reporting who approved it (or similar approach)
4. Add a validation to your ChangeStatus method, in this method do the following:
   1. Get the latest status of the current report
   2. If the report is still not validated, then block the thread (you could use a Mutex or similar) and mark the report as validate it
   3. If the report was already validate it, raise a domain exception and handle it in your page correctly (perhaps render the page in read-only mode explaining that the report was already validate it)

If you want a more responsive application, (RIA), you might want to consider the following approaches:

• Perhaps this would be the worst approach but it's still an option, you could keep a log tracking when a user request your page, then in subsequent requests check if the log is still valid, if it is not, then redirect to another page indicating the page is in use, otherwise allow access to the page. I believe this is an error-prone approach because you would be relying on this simple validation in order to prevent an inconsistency in your system, besides you would have the polling problem described in the following approach

• Using AJAX to poll data from a service checking if the report has been approved. Perhaps this is the easiest way to accomplish this but it is not recommended it, because you would be polling your server constantly, and eventually you would have scalability problems

• You could use Comet to get notified to the browser (client) whenever a server event has occurred, in this case when your report has been approved. The problem with this approach is that you have to keep an opened connection with the server in order to get notified.

• The last approach and the most recommended these days is to use Web Sockets, this is the technology used in StackOverflow to get notifications in real time.

Answer 2

Although there are probably many better ways of dealing with this sort of problem, I'm going to assume that you do actually need this.

What I would do:

Make your application so that when the page is loaded(when it isn't "locked"), it logs to a database that the page was loaded and "lock" it. In the actual page, I'd have some kind of AJAX to constantly poll the web server every 5-15 seconds to tell your application the user is still on the page. And then make it so that the page becomes unlocked after 5-15 seconds from the time saved to the database by the last AJAX call.

Again, I really suspect that there is a better way around an issue like this, but this is a direct answer to your question