martin_d_bell Posted April 5, 2005 Posted April 5, 2005 Hi, I have successfully setup forms authentication using a SQL Server database to store Usernames, Passwords and Session variables to pass user information between pages within my ASP.NET vb application. I have come across a problem however when more than 1 person logs in using the same username and password. How can I check if a user is logged in already in another session within the application? If I can check whether a username is already in use (logged in) then I can stop the second person logging in using the same name and therefore eliminate the problem. Any help would be appreciated, thank you. Martin Quote
eramgarden Posted April 5, 2005 Posted April 5, 2005 maybe have a cookie...when users log in, keep track of it in that cookie. When they log out, delete it from the cookie. Always check the cookie when someone logs in... Or do this in a database table. Quote
martin_d_bell Posted April 5, 2005 Author Posted April 5, 2005 Cookies or database table Hi, Thanks for your suggestion but how can I track that a user has logged out of the application if they simply close the browser. I may be wrong in thinking this but isn't the sub which is triggered on exit unreliable? I need a solid method of knowing when a user logs out. Quote
Administrators PlausiblyDamp Posted April 5, 2005 Administrators Posted April 5, 2005 In simple terms, you can't. You could provide them with a logout button and hope they remember to click it before closing the browser down, or failing that you will have to wait for the session to expire (default 20 minutes). A more fundamental issue is why more than one person is using the same accoun, if both users need access why not have a seperate account for each? Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
martin_d_bell Posted April 6, 2005 Author Posted April 6, 2005 More than one account The users will be given seperate usernames but they are all going to be 1 digit off each other, for example, pro1, pro2, pro3. I cannot use real names as users because the users will change from time to time. I guess the only way around this is to hope that nobody logs in under the wrong name whilst someone else is logged in. The error message is messy you see and if I could stop them logging on in the first place it would be much tidier. Quote
Diesel Posted April 6, 2005 Posted April 6, 2005 Martin, did you get the login to work? Can your page recognize who is logged in? Can you post the core code. I have a database login, but the cookie is never created. Quote
martin_d_bell Posted April 8, 2005 Author Posted April 8, 2005 Login My login works using Forms Authentication in the Web.Config and checks for users in a SQL Server table. Is this the type of solution you need? If so the code is below: -------Web.Config------------------ <authentication mode="Forms" > <forms name="AuthCookie" path="/" loginUrl="logon.aspx" protection="All" timeout="30"></forms> </authentication> <authorization> <allow users="*" /> </authorization> ------------------------------------- replace "logon.aspx" to the page you want users directed to if they are not logged in ------------logon.aspx-------------------- Public Sub cmdLogin_Click(ByVal sender As System.Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles cmdLogin.Click ' Tests There is A User name Dim cIn As Integer = 0 If txtUser.Text <> "" Then SqlDAConfirmUsers.SelectCommand.CommandText = _ "SELECT userID, UserName, Password, SupplierID, AccessLevel FROM Users_Table" & _ " WHERE (UserName = '" & txtUser.Text & "' )" & _ " ORDER BY UserName" 'Fills the Dataset SqlDAConfirmUsers.Fill(DsConfirmUsers1.POP_Confirmation_Users) 'Check that the users name is in the dataset If DsConfirmUsers1.POP_Confirmation_Users.Rows.Count < 1 Then Label1.Text = "Your Username was not recognised" Exit Sub End If 'Check that the username is not in the dataset more than once If DsConfirmUsers1.POP_Confirmation_Users.Rows.Count > 1 Then Label1.Text = "Username is duplicated, please contact the Administrator" Exit Sub End If 'Loops and Checks if the password is correctID Dim cTable = DsConfirmUsers1.POP_Confirmation_Users Dim cRow = DsConfirmUsers1.POP_Confirmation_Users.Rows For Each cRow In cTable If cRow("Password").ToString = Me.txtPassword.Text Then cIn = 1 'These session variables carry the UserID, AccessLevel and SupplierID through to any page within the application Session("UserID") = cRow(0).ToString Session("AccessLevel") = cRow(4) Session("SupplierID") = cRow(3).ToString 'This line lets the user into the system once all usernames and passwords are verified in the database FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False) End If Next 'Incorrect password If cIn = 0 Then Label1.Text = "Your Password is Incorrect" DsConfirmUsers1.Clear() End If 'Incorrect username Else Label1.Text = "Your Username was incorrect" End If End Sub Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.