2

I have implemented a user administration system as per the steps described in the book "Pro ASP.NET MVC 5 Platform" chapters 13 through 15. The code from these chapters are available for free download from the Apress website at http://www.apress.com/9781430265412. I understand this question is probably best suited for someone who has done the same coding exercises, but I hope they and others can help me with this question. The system is based on the Identity framework of the .NET platform. My question is, how can I implement the following requirement for a system that is designed as per the steps of this book:

If a user is logged in, he/she should not be allowed to log in from another browser, and an appropriate message should be displayed. Additionally, a closed browser should be considered as logged off, even if the Log Out button wasn't clicked. Are there some mechanisms in the Entity Framework or Identity framework that would allow me to check in the within the Login action to see if the user is currently authenticated in a session?

Thank you.

Improve this question
4
  • You must use database to save login sessions. Create a table to save login session.Each session with a user id. If user is logged in save into session table. Delete if log out. To prevent login from another browser, just check against session table. You must use ur own way customizing identity system. Commented Jul 1, 2016 at 20:14
  • I agree with Wai. Typically you create a token (I tend to use a guid) at login to save off in the DB. I tend to use custom action filters (registered in the global.asax) to check to see if a session token exists and then handle any redirects that are needed from there. Commented Jul 1, 2016 at 22:58
  • 2
    Related: Prevent Multiple Logins in Asp.Net Identity, Prevent Concurrent Logins From A Single User Account In .NET, How To Prevent the Same User ID from Logging in From Multiple Devices Using ASP.NET MVC4 Commented Jul 1, 2016 at 23:32
  • @NightOwl888 Thanks for the links. I was able to integrate the system from the second article you linked to into my project. However, the extension of the AuthorizeAttribute seems to have caused a side-effect, for which I have opened the question at stackoverflow.com/questions/38254785/… Commented Jul 7, 2016 at 20:34

1 Answer 1

Reset to default
6

If you are using Identity framework, there is a property in the controller called "User" which has a property "Identity" which has a property "IsAuthenticated". Check it out and see how you can use it.

you can use it in your login Action, something like this.

 [AllowAnonymous]
 [OutputCache(NoStore = true, Location = OutputCacheLocation.None)]
 public ActionResult Login()
    {
            if (User.Identity.IsAuthenticated)
            {
                //return Dashboard url
            }
            
        return View();
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Never ceases to amaze me how many oversights there are on these templates. The fact this isn't already in the template is quite frankly pathetic. UNLESS it is by design in order to allow a user to 'go back' and log in as a different user. I don't know...

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.