Security :: Controlling Number Of Simultaneous Web Users?
Nov 22, 2010
I have an asp.net 3.5 web application for which the client has requested that the security model allows (a licensing model) restricting the number of simultaneous users logged onto the website. I am not sure how this is achievable - I'm currently controlling membership via the AspNetSqlMembershipProvider.
We have implemented the ASP membership and roles..and we would like to display the users currently logged in and also display the number of users online so we can display that on the page. The list of users woudl only be available to our admins. BUt the number of users will show for everyone.
My environment is ASP.Net + IIS 7.0 + Windows Server 2008 + .Net 3.5. I am wondering whether the number of users online and number of active session are the same thing? The other question is, no matter whether they are the same, how to calculate them (i.e. for a given time, what is the number of users online, and related active number of sessions)?
In my website project, i have not used any controls like login, createuser, forget pass etc. However, i can login, create user, recover password, change security question etc, using only code-behind programming. mean without using any inbuilt security controls as discussed above, i am fully secured but on some points i need little help.I have stored all users credentials in columns named username, password, securityques, security ans, libraryadmin (this is checkbox field), contentadmin (this is checkbox field) etc.I am wishing, when I check in database in fields libraryadmin or contentadmin for any user, he can access to that zone too. Still I am using this feature as given below:
Look at the codes above, in "libraryadmin" directory/zone only username "abhimanyu" is authorized and the same in "contentadmin" directory/zone only "abhimanyu" is authorized.But I am wishing to control such authorization from database where I have stored the credentials. I mean by checking in checkbox field named libraryadmin (this is boolean field) in database that user automatically be authorized, no need to type always in configuration file. you have any idea about, or tell me some articles on it. I know how to manage it from asp.net default authorization and authentication. I just need it manually as I have considered above
If I want limit certain users or user_groups to - create a packing list (which consist of number of items and quantity)and then the creator of the packing list can select users / user_groiups to have right to- read a packing list- update a packing list - delete packing listsCan this be done by a custom made RoleProvider ? How best to implement the authorization ?
I just realized after i created a test account i was not in any roles. Is there a way to automically add new users into the role Users? Have i missed this some where?
I am working on a website in which more than a thousand users can login at a time and there may be more than 50000 total users. I am worried about the performance of the application in case of concurrent access.
what is the best way to manage that, so that my application runs without any performance issues.
what I need to know is how to show a count of how many users are signed on with a custom sql script, here is what i got that shows total users but not total online
[Code]....
Again this gives a total count but i need a total count of who is online with this setting, and try to keep it in sql statement if possible as i have not yet learned how to use stored procedures.
I have got the total number of registered user's and the total number of users online working without any problems after a search on here.
[Code]....
but I would like to expand this a little. Can any one tell me how I would display the total number of users who are approved and the total number who are locked out.
With performance counter to observe the "Sessions Total", I found the # of session stays the same after users logout. Is this expected behavior in IIS7?
I would like to know the number of users logged into my ASP.NET 2.0 application.
Points to be considered:
1) Simplest way would be to use Application or Cache object to have the counts on Session start or end. However this would fail if there is a worker process recycle. Wouldn't it?
2) Should't make a difference whether the session is inproc/state server managed/ or SQL server managed.
3) Should preferably be seamless to a web-farm architecture.
I am using ASP.Net + .Net 3.5 + VSTS 2008 + IIS 7.0 + C# to develop a web application. I want to count how many users are online. This is my current implementation,when Session_Start is called, I will increase # of users online by 1;when Session_End is called, I will descrease # of users online by 1.Two quesitons,A Is that implementaiton correct?B. Another question is, I think this method can not track # of users of real time, since when user closes the browser, Session_End will not be called immediately (Session_End will be deferred to be called). Correct?
I have two text boxes I need a functionality like If I am typing in 1st text box The text should be getting displayed in 2nd text Box with some other font. This is a web Application. And so Text Box doesn't have OnKeyDown event? Do you suggest any way to implement this?Note: I don't want to implement this with Javascript.
I have a website that has 10 aspx pages in it, and I'm trying to count how many users are on any one page at a time, and display that number on the web page. I have set it up to use an Application object ("TotalViewers"), and initialize it to 0 in the Application_Start event handler of the global.asax file. My reasoning (probably way off base) is to increment the count on each page load, and then decrement the count on each page unload. The increment part works ok, but when I add the code in the page unload event handler to decrement, it seems that Unload happens before the Page is presented to the client, so the value always stays the same (adds one in page load, subtracts one in page unload).
How else can I track number of users on each page? (simply, becuase I am still a beginner). I have already done some google searching and haven't come up with anything useful.
All my pages are being navigated via a TreeView control.
I want to know what the members who are online at my site and I can identify them.Do you have an article that identifies registered online users like your site.
I have one application and there are 1500 users of that application.When 200 users logged in application that time login page and other pages of applications are not opend. I want to manage 1000 of users at a time.
I am trying to prevent multiple simultaneous logins in my web application. I want to signout all/any previous authentications of a user when they login. Such that the current login remains the only one.
How do I go about calling FormsAuthentication.SignOut() for a particular user to invalidate any existing authentications.I have tried searching everywhere but no answers, only theories.
I'm after some thoughts on how people go about calculating database load for the purposes of capacity planning. I haven't put this on Server Fault because the question is related to measuring just the application rather than defining the infrastructure. In this case, it's someone else's job to worry about that bit! I'm aware there are a huge number of variables here but I'm interested in how others go about getting a sense of rough order of magnitude. This is simply a costing exercise early in a project lifecycle before any specific design has been created so not a lot of info to go on at this stage.
The question I've had put forward from the infrastructure folks is "how many simultaneous users". Let's not debate the rationale of seeking only this one figure; it's just what's been asked for in this case! This is a web front end, SQL Server backend with a fairly fixed, easily quantifiable audience. To nail this down to actual simultaneous requests in a very rough fashion, the way I see it, it comes down to increasingly granular units of measurement:
Total audience Simultaneous sessions Simultaneous requests Simultaneous DB queries
This doesn't account for factors such as web app caching, partial page requests, record volume etc and there's some creative license needed to define frequency of requests per user and number of DB hits and execution time but it seems like a reasonable starting point. I'm also conscious of the need to scale for peak load but that's something else that can be plugged into the simultaneous sessions if required. This is admittedly very basic and I'm sure there's more comprehensive guidance out there. If anyone can share their approach to this exercise or point me towards other resources that might make the process a little less ad hoc