如何防止单个用户名的多次登录

时间:2016-04-01 12:18:02

标签: c# asp.net multiple-login

如何防止单个用户名的多次登录?我在数据库中保存用户名和密码。我希望用户一次只能从一个地方登录。

有关如何配置ASP.NET应用程序的更多信息,请访问http://go.microsoft.com/fwlink/?LinkId=169433

以下是我尝试过的代码

配置文件

<configuration>                             
    <system.web>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" />
        <httpModules>
            <add name="SingleSessionEnforcement" type="SingleSessionEnforcement" />
        </httpModules>
    </system.web>
    <system.webServer>
        <validation validateIntegratedModeConfiguration="false"/>
        <modules  runAllManagedModulesForAllRequests="false" >
            <add name="SingleSessionEnforcement" type="SingleSessionEnforcement" />
        </modules>
    </system.webServer>
</configuration>

班级档案

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;

namespace Demo1
{
    public class SingleSessionEnforcement : IHttpModule
    {
        public SingleSessionEnforcement()
        {
            // No construction needed
        }

        private void OnPostAuthenticate(Object sender, EventArgs e)
        {
            Guid sessionToken;

            HttpApplication httpApplication = (HttpApplication)sender;
            HttpContext httpContext = httpApplication.Context;

            // Check user's session token
            if (httpContext.User.Identity.IsAuthenticated)
            {
                FormsAuthenticationTicket authenticationTicket =
                                            ((FormsIdentity)httpContext.User.Identity).Ticket;

                if (authenticationTicket.UserData != "")
                {
                    sessionToken = new Guid(authenticationTicket.UserData);
                }
                else
                {
                    // No authentication ticket found so logout this user
                    // Should never hit this code
                    FormsAuthentication.SignOut();
                    FormsAuthentication.RedirectToLoginPage();
                    return;
                }

                MembershipUser currentUser = Membership.GetUser(authenticationTicket.Name);

                // May want to add a conditional here so we only check
                // if the user needs to be checked. For instance, your business
                // rules for the application may state that users in the Admin
                // role are allowed to have multiple sessions
                Guid storedToken = new Guid(currentUser.Comment);

                if (sessionToken != storedToken)
                {
                    // Stored session does not match one in authentication
                    // ticket so logout the user
                    FormsAuthentication.SignOut();
                    FormsAuthentication.RedirectToLoginPage();
                }
            }
        }

        public void Dispose()
        {
            // Nothing to dispose
        }

        public void Init(HttpApplication context)
        {
            context.PostAuthenticateRequest += new EventHandler(OnPostAuthenticate);
        }
    }
}

ASPX.cs 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Demo1
{
    public partial class login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            //TextBox userNameTextBox = (TextBox)LoginUser.FindControl("UserName");
            SingleSessionPreparation.CreateAndStoreSessionToken(userNameTextBox.Text);
        }

    }
}

ASPX 

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="login.aspx.cs" Inherits="Demo1.login" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            Name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    <asp:TextBox ID="userNameTextBox" runat="server"></asp:TextBox><br/>
            Password:    <asp:TextBox ID="PasswordTextBox" runat="server"></asp:TextBox><br/>
                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            <asp:Button ID="Button1" runat="server" Text="Button" OnClick="Button1_Click" />
        </div>
    </form>
</body>
</html>

它给出了这个错误:

  

无法加载类型'SingleSessionEnforcement'   描述:执行当前Web请求期间发生未处理的异常。请查看堆栈跟踪以获取有关错误及其源自代码的位置的更多信息。

     

异常详细信息:System.Web.HttpException:无法加载类型'SingleSessionEnforcement'。

请参考附带的错误图片:

Error image

请指导我解决问题。

2 个答案:

答案 0 :(得分:1)

type属性需要包含命名空间:

<add name="SingleSessionEnforcement" type="Demo1.SingleSessionEnforcement" />

答案 1 :(得分:0)

希望到这个时候你可以得到解决方案。如果没有,请参阅下面的评论:

问题出在web.config文件中。 Httpmodule只能在配置文件中启动一次。

如果是IIS 7.0或更低版本,请在system.web中使用以下内容, <httpModules> <add name="SingleSessionEnforcement" type="SingleSessionEnforcement" /> </httpModules>

如果是> IIS 7.0,在system.webServer中使用以下一个, <modules> <add name="SingleSessionEnforcement" type="SingleSessionEnforcement" /> </modules>

相关问题
最新问题