问题
One of the security requirements for my web based system is to prevent people logging in as the same user on different machines at the same time.
E.g. to ensure that people cant all log in using the same password/share passwords.
Is there a way to achieve this using the ASP.NET membership provider. Will I need to manually store info on each session and if so is this reliable?
回答1:
Check System.Web.Security.MembershipUser.IsOnline when the users is logging in.
回答2:
There are no good standard way to do this. There is one thread on forum.asp.net about implementing similar functionality. Hope it will help you.
But be aware that this sometimes will not work. Even if you implement your own checker which will store information about ip, mac and browser in session the user can use virtual machines (VirtualPC for example, or XP Mode in Windows 7) to pass over these checks (e.g. ip, mac and browser capabilities will be the same).
来源:https://stackoverflow.com/questions/937048/asp-net-membership-preventing-people-logging-in-as-the-same-user-on-different-ma