Wrox Programmer Forums

You are currently viewing the ADO.NET section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 1st, 2004, 12:13 AM
Authorized User
 
Join Date: Apr 2004
Posts: 31
Thanks: 0
Thanked 0 Times in 0 Posts
Restricting User Access to one

I have to create a web site whose access is allowed only to those users who have their user name and password. Usernames and passwords are stored in a database. The problem is we want that if a user has logged into the website from one point, he is not allowed to log in from another point simultaneously. At another point it is only possible if he logs off from the first point.

dinesh Rana
 
Old July 1st, 2004, 01:53 AM
Friend of Wrox
 
Join Date: May 2004
Posts: 120
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi, I think you can use the Session and Application objects: save a value in a session object and check it using client-side scripting, ASP.NET or ASP, and check this value in each page. If this value is set to the proper value, it denotes that it is a trusted member who logged in using a username and password; otherwise redirect to a special page. If this is not correct, anyone please notify me.
Thanks, YoOrD.

 
Old July 1st, 2004, 07:33 AM
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

You are going to have to save a login and some kind of timestamp into some persistent medium (file or database) because a second client session can only validate a login against that shared persistent medium.

You need to save some timestamp because if the user never actively hits "log out" then you could potentially have a user who is never logged out, so can therefore never log in at a new location. This timestamp would serve as the user's login expiration.

The login routine can validate the login, then check this login table to see if that user already has a valid (not expired) login entry. Either an expired entry or none at all indicates permission to log in.
 
Old July 1st, 2004, 09:25 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
Default

This is "technically" not possible. This is because web sites are stateless and the only time someone is actually "logged in" is while they are downloading the page.

As suggested, you would need to create a session for the user with a login window.. and say that the user is "logged in" for X number of minutes after last contact- and not let any other connection happen in that timeframe, unless it had the right session attached to it. Of course, this causes a problem if the user has their machine crash... they can't login for 20 minutes until the session expires.. Or if they close their browser... or if.. or if....

There are lots of reasons this is going to be a difficult and "email creating" solution... Based on your posts, I'd reconsider this client :)


Hal Levy
Web Developer, PDI Inc.

NOT a Wiley/Wrox Employee
 
Old July 1st, 2004, 09:48 AM
Authorized User
 
Join Date: Apr 2004
Posts: 31
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hal Levy, this is the same problem that I am currently facing, and it is very much required for me to restrict the access of a user to once at a time.
Is it possible that if a user tries to log in again from another location, his login automatically expires from the first location?

dinesh Rana
 
Old July 1st, 2004, 09:55 AM
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Can you clarify what your goal is? Do you want to restrict access to only one person at a time or restrict one single user from accessing from more than one location (but multiple different users can be on at the same time)?
 
Old July 1st, 2004, 10:54 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
Default

OK, first, using my full name creeps me out.. Hal is fine.

Second.. I am not having the problem. I am telling you how to build what you're looking to build. Like always, I won't write it for you; I'll point you in the right direction.


Hal Levy
Web Developer, PDI Inc.

NOT a Wiley/Wrox Employee
 
Old July 2nd, 2004, 03:11 AM
Registered User
 
Join Date: Jul 2004
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Store the client IP address (using request.hostaddress) as well as the user name in session. Use both of these attributes to validate the login.

Nothing is Impossible
 
Old July 2nd, 2004, 07:30 AM
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

You can also do this without storing the info in session and application state if you're willing to take a performance hit.

In an application I built a while ago, I had the same requirement. We ended up updating the LastHit table on *every* request made to the server, through a simple include file. This table holds the date and time of the last hit and the ID of the user in the User table.

A user's session would time out after 20 minutes (you can do that with sessions, or with a cookie that is valid for 20 minutes). As soon as the same user tried to log in within these 20 minutes (by querying the LastHit table), we would not allow him in.

Personally, I didn't feel comfortable with this requirement. Our client insisted, but if I had to do it all over again, I would insist more on *not* doing it. There really isn't a point anyway. If you consider the stateless nature of the Web, the client is not logged in anyway, although you fake around a bit. The idea is that it really doesn't matter what "terminal" the user uses to access your site. Who cares anyway? As long as you know who you're dealing with.
Is there any particular reason for this requirement?

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Forfeit by Chevelle (Track 8 from the album: Wonder What's Next)
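The shared login table with an expiring timestamp that planoie and Imar describe above, as an added example that is not code from any poster in this thread. SQLite stands in for the site's database; the `token` column, the function names and the `takeover` flag (the "new login expires the first one" behaviour asked about earlier) are assumptions.

```python
import secrets
import sqlite3

SESSION_TTL = 20 * 60  # seconds; the 20-minute window mentioned in the thread

def open_store():
    # Assumed schema: one row per user, holding the current session and its last hit.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE LastHit (user_id TEXT PRIMARY KEY,"
               " token TEXT NOT NULL, last_hit INTEGER NOT NULL)")
    return db

def try_login(db, user_id, now, takeover=False):
    """Call only after the password check succeeded.
    Returns a new session token, or None if the user has a live login elsewhere."""
    token = secrets.token_hex(16)
    # takeover=True treats every existing entry as expired, so the new login wins
    # and the old session fails its next touch() because its token no longer matches.
    cutoff = now if takeover else now - SESSION_TTL
    with db:
        # Replace an expired entry; a live entry is left untouched.
        db.execute("UPDATE LastHit SET token = ?, last_hit = ?"
                   " WHERE user_id = ? AND last_hit <= ?",
                   (token, now, user_id, cutoff))
        # First login for this user; ignored when a row already exists.
        db.execute("INSERT OR IGNORE INTO LastHit (user_id, token, last_hit)"
                   " VALUES (?, ?, ?)", (user_id, token, now))
        row = db.execute("SELECT token FROM LastHit WHERE user_id = ?",
                         (user_id,)).fetchone()
    # We own the slot only if the stored token is the one generated here.
    return token if row[0] == token else None

def touch(db, user_id, token, now):
    """Run on every request: slide the expiry forward for the session that owns
    the slot. False means expired or superseded, so send the user to the login page."""
    with db:
        cur = db.execute("UPDATE LastHit SET last_hit = ?"
                         " WHERE user_id = ? AND token = ? AND last_hit > ?",
                         (now, user_id, token, now - SESSION_TTL))
    return cur.rowcount == 1

def logout(db, user_id, token):
    # Explicit log out frees the slot immediately instead of waiting for expiry.
    with db:
        db.execute("DELETE FROM LastHit WHERE user_id = ? AND token = ?",
                   (user_id, token))
```

Each write is a single conditional statement keyed on the user's row, so two simultaneous logins cannot both claim the slot; the same statements work as parameterized commands from ADO.NET.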




