C# - Limit Only One Session Per User?
May 27, 2010Is there anyway to detect when a user logins if there is already another session with the same username, and block him from logging in again or send him a message?
View 6 RepliesIs there anyway to detect when a user logins if there is already another session with the same username, and block him from logging in again or send him a message?
View 6 RepliesHow do i set a limit for user to sign up in ASP.NET ?
For example, I'm creating a web application using Microsoft Visual Studio 2008 to make it available for users to sign up for the event. But i only wish to allow 10 people to sign up for that particular event.
So what code/thing i need to do to able to set the limit?
I have set Private Memory limit of 200mb in IIS 7 for an application pool. The Private Working Set memory(Task Manager) for the application is always below 125mb but the number of page faults have increased a lot and application cache is getting cleared frequently after setting the limit.
I haven't set any limit on Virtual Memory.why the cache is getting cleared even when the Private memory used is below the allocated memory?
I'm building a web app (VS2010, C#, .NET 4.0) and am aiming to make heavy use of objects. One particular object will be a 'user' object. One of the properties I am exposing for the object is the users Status (e.g. Pending, Active, Suspended, Expired). In the front end this status will be editable and I don't want users of the app to enter invalid statuses (Pendong, New, etc.). I could hard code the valid statuses in the front end making use of a radiobutton list or dropdownlist, but that isn't logically where the valid values should be defined, I would have thought that the objects class would be a better place.Now this leave me with two problems:
Which is the best place to define the valid values? If I add them to the class, how do I read and present them in the front end?I'm hoping that you guys can put me straight here. Are any of my ideas architectually correct, or if not then what would be better.
I've got a form that will be used to send an email from a site. I'm using regular expression validators to limit the input to only appropriate characters in all of the fields. There are two things I want to protect against with the body portion of the email, sql injection attacks and the user entering too much text. The body portion of the email is entered using a text box with text mode set to multi line.
What is the best way to prevent the user from entering too much text and to guard against characters I don't want? I assume a regular expression validator will be ok for this. Will there be performance issues with this? Will the regex validator work well enough for this situation? Is there a better way of doing this?
I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users.
I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths.The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible actions are displayed (insert/update/delete buttons) and also limiting what actions are performed (for users that may know how to perform an action in the absence of a button.) However, this solution doesn't eliminate duplication - I'd be duplicating security code on a series of pages rather than duplicating pages and limiting access based on path; the latter would be significantly less complicated.I could always build some controls that offered role-based configuration, but I don't think I have time for that kind of commitment right now.Is there a relatively easy way to do this (do such controls exist?) or should I just stick to path-based access and duplicate pages?
Does it even make sense to use two methods of authorization? There are still some pages which are strictly for either role so I'll be making use of path-based authorization anyway.Finally, would using something other than path-based authorization be contrary to typical asp.net design practices, at least in the context of using the asp.net configuration system?
I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 RepliesLet suppose, I am building an asp.net website which has login scenario in it. I want to provide a certain functionality to the website that if the user is already login on computer 1 and now try to login on computer 2, so he will be allowed to remain login on computer 2, while automatically logout him from computer 1. I also know that http is a stateless medium, so whenever user interact with computer 1 and try to interact with the page, it will get noticed at that time.
View 2 RepliesI have a website live in asp.net
now if user closes browser. the session does not get killed.
I spoke with friend and he said that cannot be done as sessions are on server.
but i see banking website who kills session when browser is closed.
I've a Gmail account, assume that me@gmail.com. Now I want to login (as admin) in my website through this account. I know I can use OpenID etc. for that purpose but I want to limit it for just me only. Can I do this? I don't let anyone else to know which service I used to login and what is my address and etc. (Note: My website contains just one and only one login form, for just me, only!)
View 1 RepliesI have develop a web application. I have put my web application in my server and user can access from any location.
My server regional and setting is English (US). Now my problem is
1) When user access to my system and his pc setting is English (UK), it will prompt and error
and after i debug i suspect it is because of Datetime conflict (dd/MM/yyyy and MM/dd/yyyy)
2) I cannot fix or limit my user to setting his/her pc regional setting to UK
So what can i do in my web application solve this issue?
(Can i write any code in my client side (.aspx) to convert or do standardization to US)
I have written a SP which maintains users log in and log out history,it works fine when any user logs in or clicks on log out, problem is that as per need its not to allowed to keep the screen idle for 1 minute or more then in the log out column Null value is passed.
SP
Create proc usp_trackuserlogindetails
@username varchar(50) = null,
@command int = 0
as
BEGIN
if(@command = 0)
begin
insert into userlog (USERNAME,LOGIN,LOGOUT) values (@username,Getdate(),Null)
[Code] ....
Here when user manually clicks the log out button then 1(table above) is the output.
When user leaves the screen idle then after 1 minute the page goes to the Login.aspx page if the user tries to do something on the current page,here 2(table above) is the output can i store some hard core value instead of Null like Session expire or the exact session expires time.
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 RepliesURL.... Still there will be need of url in ajax method if i put javascript in site.master.cs . As what i have understood from that mysite.master.cs will be like this :
protected void Page_Load(object sender, EventArgs e) {
try {
if (Session["Prefix"].ToString().Trim() == "sys_admin") {
UserNameMasterLabel.Text = Session["UserName"].ToString().Trim() + " (ADMIN)";
[code]....
And site.master will be like this :
And I have to put next method in DailyLog.aspx page ? like this
System.Web.Services.WebMethod(EnableSession = true)]
public static int RefreshSession() {
HttpContext.Current.Session["Name"] = "BSD";
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/Web.Config");
SessionStateSection section = (SessionStateSection)config.GetSection("system.web/sessionState");
int timeout = (int)section.Timeout.TotalMinutes * 1000 * 60;
return timeout;
}
But I have several pages in my website , by doing the above story will it work for Builder.aspx ? or any other page rather than dailylog.aspx ?
How to Check whether user is valid and authenticated without using Session in ASP.Net ....
View 1 RepliesI am a little bit new at handling multiple sessions congruently.
Basically i have created a chat application. In which i have a moderator page.
Now the moderator has the privilege to block particular users from the chat. Every user including the moderator has a session variable defined as Session["UserID"].
e.g for the username "moderator" the Session["UserID"]=moderator.
Now as i am logged in as the moderator how do i delete the session of a particular user whom i want to block the chat from commencing.
how to maintain the session that doesn't expire unless and until user logout.
View 1 RepliesHow to automatically log out after 15 mins by using asp.net vb.net ....
View 1 RepliesI have made a web page in which there is login screen when user login it goes next page but my problem is if i directly enter the url of that page it open. I want it should not open unless the user log in...
View 1 RepliesWhen the user logs in, I want to store his userID in the session with
HttpContext.Current.Session["UserID"] = 2354; (this is just a hard-coded example)
Then, when I run a page method, if I do
var test = HttpContext.Current.Session["UserID"];
will the variable test hold the value I stored when he logged in?
If this is a correct way of doing it, how do I access the session when I receive a call from a page method? I want to put the test =... line in a page method to identify which user the request is coming from.
Does the same session continue or is a new session created for the same "USER" when a user logs in from computer 'A' using Firefox.By my understanding, a 'session is created for that user by the server'.Now, without closing the browser tab, a user opens a new tab and goes to the same page [that would require the user to log in first]Will the server continue the same session, making the code recognize the user
View 6 RepliesCan ASP.NET themes be used per user session ? Ex : For one user,User theme called "Green" and for another user Use the theme called "Red". Or themes are for the enire web app ?
View 1 RepliesI've been reading around the web about different alternatives to keeping track of users but I can't seem to find the "perfect" solution for my situation.
The app will (hopefully) be high-volume so I'd like to design with scalability in mind. It might be necessary to host the site using several web-servers so session mode InProc won't work, right? It's kept in memory of the current web-server and since the user might jump from web-server to web-server I can't be sure the session will be kept connected to the user.
Do I need to make a custom membership and role provider that works with mySQL to be able to use the .NETs standard user handling systems (like FormsAuthentication that can handle session stuff from what I've understood)?
how to close previous session for same user. If user logon on computer A and then logon on B i must close session for A.
View 1 Replieshow can i do this? At the moment a user's session is lost whenever they close the browser, but sites like facebook have a 'keep me logged in' option. How does this work exactly and are there any well known ways to do this in .net? i understand part of the way it works is that they store the username in a cookie.
View 4 Replies