[dba-VB] ASP.NET 2.0: Forms Authentication: how to prevent using the same login *second* time from another PC when this login is in use in active session?

Jim Lawrence accessd at shaw.ca
Tue Dec 18 08:39:15 CST 2007


The link is a great piece and example of code, William. The one comment I
make about the code sample is that a large professional site should never
use 'sa' login style; they should use user groups or windows authentication
instead.

Jim  

-----Original Message-----
From: dba-vb-bounces at databaseadvisors.com
[mailto:dba-vb-bounces at databaseadvisors.com] On Behalf Of William Hindman
Sent: Tuesday, December 18, 2007 12:24 AM
To: dba-vb at databaseadvisors.com
Subject: Re: [dba-VB] ASP.NET 2.0: Forms Authentication: how to prevent
using the same login *second* time from another PC when this login is
in use in active session?

http://www.eggheadcafe.com/articles/20030418.asp
...maybe this is closer to what you are after.

William

----- Original Message ----- 
From: "Shamil Salakhetdinov" <shamil at users.mns.ru>
To: "'Access-D - VB'" <dba-vb at databaseadvisors.com>
Sent: Monday, December 17, 2007 4:41 PM
Subject: [dba-VB] ASP.NET 2.0: Forms Authentication: how to prevent using the
same login *second* time from another PC when this login is in use in active
session?


Hi All,

I can't find an answer/solution for the subject question:

- isn't it built-in in ASP.NET 2.0 Forms Authentication?
- Am I missing its description somewhere in MSDN or on Web?

Here is the issue I wanted to solve:

- Forms Authentication is used for an ASP.NET application;
- there are two (or more) test PCs;
- there are two (or more) testers using these PCs;
- these two (or more) testers have a set of shared test login/password
pairs;
- when a certain login/password is used by one tester then the ASP.NET
application shouldn't allow it to be used again from another test PC (or from
the same test PC but in another browser instance);
- on the other hand, if the session where a certain login is used expires then
obviously this login could be used on the second PC etc....

I'm looking and I can't find something like a simple function, which I
expected should have been built-in in ASP.NET Forms Authentication
(System.Web.Security.FormsAuthentication class or related classes)

1. DoesGivenLoginHasAnActiveSessionRunning(<loginName>)
...

ASP.NET does have an event which fires when the Session expires - this is
[Global.asax].Session_End(...) but it fires on time-out only, which is
usually about 20 minutes...

Now imagine that a certain login was used, and the browser in which this
login was used exited, but the ASP.NET application on the server "doesn't know" yet
that the browser exited, and this ASP.NET application has to continue
to keep the application state related to the login, and until Session_End(...) fires
this state will be kept, and the ASP.NET application will not let anyone log in using
the same login, which actually has a "dead session" hanging on the server...

I can implement "session hijacking & killing" IOW when the same
login/password is used while there is a live session running on server side
then this second login "kills" first session. That solution looks rather
simple to implement but is that the only option?

Am I missing a simple solution to the subject issue?

Thank you.

--
Shamil



_______________________________________________
dba-VB mailing list
dba-VB at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-vb
http://www.databaseadvisors.com
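
The two behaviours discussed in the thread (refuse a second login while the first session is live, or let the newest login replace the older session) can be expressed with a small server-side registry. This is an added example, not code from the thread or from the linked article: `SingleSessionRegistry` and its members are hypothetical names, and it assumes the returned token is stored in the forms-authentication ticket and checked on every request (for instance from `Application_AuthenticateRequest`), with the caller passing `DateTime.UtcNow` as `nowUtc`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example (hypothetical class, not an ASP.NET API): one live session per login.
public sealed class SingleSessionRegistry
{
    private sealed class Entry { public string Token; public DateTime LastSeenUtc; }

    private readonly Dictionary<string, Entry> _byLogin =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly RandomNumberGenerator _rng = RandomNumberGenerator.Create();
    private readonly TimeSpan _idleTimeout;

    public SingleSessionRegistry(TimeSpan idleTimeout) { _idleTimeout = idleTimeout; }

    // Call after the password check. Returns a new token, or null when
    // takeOver is false and the login still has a live (non-idle) session.
    public string TryLogin(string login, bool takeOver, DateTime nowUtc)
    {
        lock (_byLogin)
        {
            Entry e;
            bool live = _byLogin.TryGetValue(login, out e) && nowUtc - e.LastSeenUtc < _idleTimeout;
            if (live && !takeOver) return null;
            byte[] raw = new byte[16];
            _rng.GetBytes(raw);                      // CSPRNG, so tokens are not guessable
            e = new Entry();
            e.Token = Convert.ToBase64String(raw);   // replaces any earlier token
            e.LastSeenUtc = nowUtc;
            _byLogin[login] = e;
            return e.Token;
        }
    }

    // Call on every request with the token from the auth ticket; false means the
    // session was superseded or idled out, so the caller should sign the user out.
    public bool Touch(string login, string token, DateTime nowUtc)
    {
        lock (_byLogin)
        {
            Entry e;
            if (!_byLogin.TryGetValue(login, out e) || e.Token != token) return false;
            if (nowUtc - e.LastSeenUtc >= _idleTimeout) { _byLogin.Remove(login); return false; }
            e.LastSeenUtc = nowUtc;
            return true;
        }
    }
}
```

Because liveness is judged by the last request seen rather than by `Session_End`, a login whose browser was closed becomes available again once the idle timeout passes. The registry is held in memory, so it covers a single worker process only.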

