Reputation: 2434
How to restrict user from same Username and Password to logic from two system/browser in asp.net mvc 4.0?
I've created a asp.net mvc4 web site. I've implemented Form authentication also. In this web site i want to block access to my web site client in a same time (if a client of my website is already open his or her account in a computer then that client can not get any permission to open that same website on the same time in other computer or any other browser of the same system).
I want to provide one paid service to user, and I don't want him to just share his username and password with many people to use my service simultaneously without paying for it. please help me soon
How can I implement this. do i need to maintain some login information in database or is there any built in tool available for this.
Upvotes: 1
Views: 934
Answers (3)
Reputation: 33538
To my knowledge there is nothing built in, but you may be able to implement your own version of the ASP.NET authorization providers.
Upon successful login you would need to store the value of the FormsAuthenticationTicket in your database and associate it to your user record.
On every page load you would need to check the value of the ticket against the database record for that user. In case of mismatch the user would be logged out.
Using this approach if User A and User B were using the same credentials, User A was logged in and if User B then logged in, it would invalidate User A's session and they would not be able to view content at the same time. You could also log the activity when a session is overridden, along with IP address and User Agent to help you identify users that are sharing account details.
Upvotes: 3
Reputation: 4069
I think David has already given most of the idea (+1) , However for problems like closing browser without logging out, You can handle it in window.unload() event for setting the flag in your table .
Upvotes: 0
Reputation: 34563
This feature is not built in.
I would add an "IsLoggedIn" bit column to my "User" table. Then you could check this column to see if the user should be allowed in.
The problem is going to be knowing when that flag should be set to false. It's easy enough to set the flag to false if the user clicks "logout" or in the "on session end" event, but I think you'll run in to cases where that's not good enough. For example, if a user logs in from a laptop and the laptop's battery fails, you aren't going to get any notification from the client that the user has left...
Upvotes: 1
Related Questions
- ASP.NET MVC - Same authentication between two applications
- How to do Forms Authentication Across Applications in asp.net mvc
- Prevent multiple login of same account in Asp.Net MVC5 Razor application
- ASP.NET MVC Windows Authentication sign in as different user
- how to restrict a user to access website on single machine in asp.net
- Log someone out if the same credentials is used to log in from another web client
- MVC Forms Authentication for multiple systems
- ASP.NET prevent the same user being logged in multiple times
- C#/ASP.NET MVC: how to register/log in a different web application if I know username & password?
- How to restrict the user that is already connected