Requirement description: when a user's account logs in from another browser, the login in the current browser must be forced offline. This requirement is common in business systems and on paid video service sites.
I call this requirement "single-client (browser)" login. It is fundamentally different from single sign-on (SSO); for an SSO implementation, see one of my other articles: anyone can read the single sign-on (SSO) implementation method (with source code)
I divide the implementation of this function into three parts:
- User Login.
- Process user requests.
- Heartbeat request, Keep Alive.
User Login
We use Forms authentication to implement user login. There are many references online, and I have also written a related article: ASP.NET Forms Authentication
Before we start, however, we need to define a table to store logged-in users. The table Loginuser is structured as follows:
- UserID: ID of the currently logged on user
- Logintime: Login time
- ClientIP: IP address of the client
- UserAgent: User-Agent of the user's browser; usually we can assume that ClientIP + UserAgent identifies a client.
- Lastrequesttime: Last request time, used when keeping the heartbeat
These few fields basically meet our needs. Next is the user login flowchart:
Handling User Requests
When the user requests a resource on the website, Forms authentication verifies the user's identity from the ticket information stored by the client. The user authentication process is as follows:
With the two processes above, single-client login is basically implemented. There is one disadvantage, however: the client only learns whether it has been forced to quit when the user makes a request to the site. To solve this problem, we introduce a heartbeat request.
Heartbeat Request
A heartbeat request is a request that Ajax sends to the server on a timer to ensure that the current session stays valid.
Here we use the heartbeat request to add a forced-exit parameter to the data the server returns, so that the client learns promptly whether it has been forced to quit. When a client receives a forced-exit message, it can use JavaScript to show a reminder, redirect, and so on.
The heartbeat request is the same as a normal web request, except that when the client receives the server's response, it must decide whether to keep the heartbeat going or to end it and tell the user they have been forced to quit.
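The three parts above (login, per-request check, heartbeat) can be modelled as follows. This is an added example in C#, not the author's code: the class and method names, the in-memory dictionary standing in for the Loginuser table, and the staleness timeout are assumptions.

```csharp
using System;
using System.Collections.Generic;

// In-memory stand-in for the Loginuser table: one row per UserID.
public sealed class LoginUser
{
    public string UserID, ClientIP, UserAgent;
    public DateTime LoginTime, LastRequestTime;
}
public sealed class SingleClientRegistry
{
    private readonly Dictionary<string, LoginUser> _rows = new Dictionary<string, LoginUser>();
    private readonly object _gate = new object();
    private readonly TimeSpan _timeout; // assumption: rows with no request for this long are stale
    public SingleClientRegistry(TimeSpan timeout) { _timeout = timeout; }

    // User login: the newest login overwrites the row, displacing any other client.
    public void Login(string userId, string ip, string userAgent, DateTime now)
    {
        var row = new LoginUser { UserID = userId, ClientIP = ip, UserAgent = userAgent,
                                  LoginTime = now, LastRequestTime = now };
        lock (_gate) { _rows[userId] = row; }
    }
    // Every authenticated request and every heartbeat calls this; true means forced exit.
    public bool IsForcedOut(string userId, string ip, string userAgent, DateTime now)
    {
        lock (_gate)
        {
            LoginUser row;
            if (!_rows.TryGetValue(userId, out row)) return true;   // no login record
            if (now - row.LastRequestTime > _timeout) { _rows.Remove(userId); return true; }
            if (row.ClientIP != ip || row.UserAgent != userAgent) return true; // a later login won
            row.LastRequestTime = now;                               // keep alive
            return false;
        }
    }
}
public static class Demo
{
    public static void Main()
    {
        var reg = new SingleClientRegistry(TimeSpan.FromMinutes(20));
        var t = new DateTime(2024, 1, 1, 9, 0, 0, DateTimeKind.Utc); // constructed sample values
        reg.Login("42", "203.0.113.5", "BrowserA/1.0", t);
        reg.Login("42", "203.0.113.9", "BrowserB/2.0", t.AddMinutes(2));
        // Heartbeat from browser A after browser B logged in with the same account.
        Console.WriteLine(reg.IsForcedOut("42", "203.0.113.5", "BrowserA/1.0", t.AddMinutes(3)));
    }
}
```

Because the client is identified only by ClientIP + UserAgent, two browsers that present the same pair are treated as one client.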
Fei Qi
Original link: http://www.qeefee.com/article/000557
ASP.NET program single-client (browser) login implementation scheme