I have count the number of online user to the web server. I have created the username & assign the password to individual computer then using this user name user can access the main page & after login user I have add the username, session ID, IP address in datatable. If i user already connected from another computer then same user access the information from another computer then user first disconnect the already connected from current computer using kill the session from sessionID . then another computer functionality automatically disabled to user then user can start the new session for current computer.
How to kill the session from Unique sessionID & disabled the all functionality of the another computer user?
i would try it this way :
On login generate a random string, write it into a session variable and store it in database, then in ur page compare this values against each other to verify user access. this way a user can be logged on only once.
you can use this code:
Session.Remove("keyOfSession");
For example you could have a property object in your ApplicationInstance, such as a Dictionary :
Key would be the userId
Value would be a list of KeyValuePair where
KVP Key would be user IP
KVP Value would be a WeakReference to a session object
At the end of a Session_Start, you insert an item in your Dictionary=>List for the corresponding user and IP holding a WeakReference to the Session object.
Then, you also End() all other not null, weak referenced, Session objects for this user and other IPs (be aware that some users access the internet through dynamic proxies that may change between requests)
Related
I have a SignalR Chat that is available to anonymous users. I need a way to map the users so that the connections persist on page reload, and if the user has multiple tabs they should get the message displayed on every tab.
If I use Context.ConnectionId, every page reload creates a new connection. I want to map these connections using Single-user groups.
For logged-in users, I use Context.User.Identity.Name:
Groups.AddAsync(Context.ConnectionId, Context.User.Identity.Name);
Is there a similar way to get an anonymous user's "identity"? From what I have read, session is not supposed to be used in the SignalR hub, but all the information I found is old, so I may be wrong here.
When you reload a page the existing connection will be closed and a new one will be opened. The new connection will have a new connection id and on the server side you will not be able to tell what user initiated it. Depending on your circumstances you could try identifying the user by their ip addresses - i.e. you would store the user ip when the connection is open and then, when a new connection is opened you would check if you have already seen the ip. This may not work however because the same user can actually have different ips and multiple users can have the same ip. Another method would be to send a client side generated identifier in the query string when opening the connection and use that to identify the same user on the server side.
You must implement some mechanism to create unique ID for each user.
I would do something like following
Before user actually connects to Hub i would create a unique ID and
store it in cookie
set the query string for signalR URL with the value of this cookie so
that each call to hub will avail with the user's ID
now even when the user refreshes the page, the old connection would
automatically get removed from the group by signalR and you can
continue adding new connections mapped against the uniquely generated
ID.
I built an c# desktop application for attendance
application is working fine when i run it on single machine and all is good..
but now issue is ... my boss want this application should work on LAN and every client can access application from server
but i used static variables which store some values at run time and then i utilized these values in next forms.
here is example..
on login form username is stored in static variable as
public static string username;
username = txtUser.Text.Trim().ToString();
and in next form which is Home Page this user name is used as
lblName.Text = Login.username;
here lblName is name of label and Login name of Login form
when i configure this application on LAN then may be at same time more than one user will be logged in and want to access application then each user should see his/her own username....
e-g abc is user 1 and xyz is user 2
if both are logged in at same time then i want abc to see
lblName.Text = "abc"
and xyz to see
lblName.Text = "xyz"
so what should i do to handle this job?
i need not to mix up any information between users...
i used c# windows app.
thanks in advance.
I assume you use static variables on server-side, right?
So, your issue happens because you use static variables.
Static variables are consistent in your class during all period of application is running. And that fields are shared between ALL processes which can use that class. Static variables was designed for this.
As a possible quick solution you can generate something like unique session Id. During client logs in to your system - you need just generate that id on client's side, send it with login information to server. In case of successful authentication server will store id in cache a key. And value of the cache can be object with user's name and other needs.
Every request to your server should be followed with that id. So your server will always know which user it is.
If you need more detailed answer please provide more information about app network structure and it's modules.
i have active directory configured and i have added two user x and y and my domain is DOMAIN. And i have created an application where i these two can login with their username DOMAIN/X and DOMAIN/Y. But Here's the scenario i will add the intended user details into the database like their username and password and I want to show a login button without username and password fields who were within my LAN and i should be able to get the PC name and then i will verify it across username which i have saved in Db and get the username and password to validate him. So basically is there any way to get the Computer name from where the user tried to access the application within my LAN
you can use this piece of code to get the pc name
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
but if you will be saving the name of the pc as just the name it might end up having more then one name of the same.
if its just for each computer you want to register I would suggest going for MAC address
not sure exactly how its done but maybe this link will help you
MAC Address
We are successfully able to download an attachment from the particular mail in Lotus Notes using Interop.Domino for the logged in user.
But we are trying to access other person's mailbox( eg. group mailbox) from the user who is logged in. User has access to other person's mailbox.
In above case, we have MailServer and MailFile name but not sure how to use it without having the ID file.
Any pointers would be really helpful. Thanks in advance.
You don't need to change the user ID if the current user ID has access to the other mailboxes. You can check this in Notes Client in the database's Access Control List.
You get connected with a (mail-)database with
NotesSession.GetDatabase( "MailServer", "MailFile.nsf", false )
In general: with the Notes user ID you log in you get access to all databases and servers in Notes/Domino with the permissions set for this ID in Domino Directory or database's Access Control Lists.
HI,
I am doing ERP solution in C#(2.0) windows application and SQL2005 Database.The network application communicate through Database.I used normal technique for user login and logout, keeping a status bit.My problem is that when my application interrupted with any other reason user status might not change.That will cause the user can't login at next time.How can I solve this problem? Could you give any new technique for user manipulation?
How about keeping track of user logins by maintaining a session for each login? The quick-and-dirty solution is to then offer an option to have them login from a "new location" and invalidate the old session. Then when you go to perform an operation, first check if the session is still valid.
The better implementation is to keep the session alive and specify a timeout. (i.e. if the session is x-minutes old, invalidate it.) Then you won't see "phantom logins" from old orphaned connections - they automatically expire.
If your intention is to disallow sharing of one username on different computers, after logging with valid password, log the unique token on that computer to staff.last_logged_at = #unique_token. On logout, set staff.last_logged_at = ''. This way even if the computer was interrupted(program crash due to virus, or accidentally pressed the reset button of the computer, etc, hence last_logged_at was not reset to '') the user can still logged in, just check if the token of the computer the user is currently logging in is same with last_logged_at. If it is the same, he/she can still logged on.
If some user tried to login using the username of other user, just check if the machine token of some user's computer is the same with the other user's last_logged_at, if it is not equal, disallow logging in, it means two users share the same password.
Now the scenario if the computer crashes really hard (processor melts, hard disk crash, OS needs reinstalling, etc). User must be allowed to use other computers. Make an administrative module that can reset the last_logged_at of the user.
For #unique_token, just use anything that is unique and permanent on a computer, let's say MAC address, or hash anything on OS settings.
pseudo code:
Logging In:
if (select count(*) from staff where staff_name = #staff_name and password = 'correct' and (last_logged_at = '' or last_logged_at = #unique_token) ) <> 0 then then
-- allow login
update staff set last_logged_at = #unique_token where staff_name = #staff_name
else if (select count(*) from staff where staff_name = #staff_name and password = 'correct' and last_logged_at <> #unique_token) <> 0 then then
-- disallow login
throw exception "You cannot use the same user name on two or more computers. Contact the administrator if you have any concerns"
else
-- disallow login
throw exception "Wrong password"
end if
Logging Out:
update staff set last_logged_at = '' where staff_name = #staff_name
There are two common answers here:
if you try to log in, and are already logged in, offer to break (reset) the existing login
use a polling/timeout - i.e. have the app call a method every 2 minutes (for example) that updates a "last heard from"; if you haven't heard from somebody in 5 minutes (for example), then clear the flag
Why limit the number of times a user can login? In Windows it is common to start multiple instances of an application.
I must admit, I my Windows App there is also a part only one user is allowed. To see if other users are connected I use something like the polling algorithm from Marc. With an option to force the entry.
An update of the lock record once every minute, or two minutes is not that resource intensive (unless you have thousands of users).