vol*_*st7 3 c# asp.net webforms asp.net-identity
我有一个 ASP.NET Web 窗体应用程序。此应用程序不会在内部使用,而是会安装在服务器上并出售给将在内部使用它的客户。
因此,我们限制了可以访问它的用户数量(不同的包:10、25、50 或无限制)。然而,问题是,对于 ASP.NET Identity,允许并发登录。这意味着如果客户拥有 10 个用户的系统,他们都可以以同一用户身份登录,并且实际上拥有无限制的用户访问权限。因此,如果“Dave”以 Dave 的身份登录,那么 Jim 可以以 Dave 的身份登录,Bob、John、Stacey 和任意数量的人也可以如此。
如果是同一用户,我缺少的是一种强制并发登录注销的方法。因此,如果 Bob 尝试以 Dave 的身份登录,则 Dave(原始登录)将被注销。
我找到了几个可以解决这个问题的例子,但它们有点过时了,而且是针对 MVC 的。
I was able to solve the issue by utilizing cookie authentication and an asynchronous method to update the security stamp.
Basically, the user's login information is stored in a cookie, which gets validated on every page load. When someone else logs in with the same username (or the same user logs in with a different browser), it updates the security stamp (causing invalidation for anyone currently logged in) and then proceeds to log the user in, using the updated stamp. On the login screen, my "Login" button's LogIn event is:
protected async void LogIn(object sender, EventArgs e)
Then below in the body of the method, we have:
await signinManager.UserManager.UpdateSecurityStampAsync(user.Id);
await signinManager.PasswordSignInAsync(Username.Text, Password.Text, true, false);
Response.Redirect("~/Default.aspx");
This will ensure that every time a user logs in, their SecurityStamp is updated and stored in the database. And as long as the user goes back to the site in the same browser, then their login will be persisted. However, if any user comes behind them in a different browser and logs in using their same credentials, then the first account will be logged out.
| 归档时间: |
|
| 查看次数: |
1013 次 |
| 最近记录: |