جلوگیری از ورود همزمان کاربران با نام کاربری و رمز عبور یکسان
نویسنده: شاهین کیاست
تاریخ: ۱۳۹۴/۰۶/۱۲ ۱۶:۱۰
آدرس: www.dntips.ir
| مطالب | ۳۶۹۴ |
| نویسندگان | ۲۷۶ |
| گروههای مطالب | ۱۰۲۴ |
| نقشههای راه | ۱۱۹ |
| دورهها | ۱۴ |
| اشتراکها | ۱۷۹۱۴ |
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
} var loggedinUser = await UserManager.FindAsync(model.Email, model.Password);
if (loggedinUser != null)
{
await UserManager.UpdateSecurityStampAsync(loggedinUser.Id);
} app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
}); OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>( TimeSpan.FromMinutes(0), // <-- Note the timer is set for zero (manager, user) => user.GenerateUserIdentityAsync(manager))
window.setInterval(function() {
$.ajax({
url:,
type: "Post",
dataType: "json",
success: function(data) {
if (!data) {
alert("Someone has logged in using your username and password!");
location.reload();
}
}
});
}, 60000); [AllowAnonymous]
public virtual ActionResult Authenticated()
{
return Json(User.Identity.IsAuthenticated);
} TimeSpan.FromMinutes(0)
if (validate)
{
var manager = context.OwinContext.GetUserManager<ApplicationUserManager>();
var userId = getUserIdCallback(context.Identity);
if (manager != null)
{
var user = await manager.FindByIdAsync(userId).WithCurrentCulture();
var reject = true;
// Refresh the identity if the stamp matches, otherwise reject
if (user != null && manager.SupportsUserSecurityStamp)
{
var securityStamp =
context.Identity.FindFirstValue(Constants.DefaultSecurityStampClaimType);
if (securityStamp == await manager.GetSecurityStampAsync(userId).WithCurrentCulture())
{
reject = false;
// Regenerate fresh claims if possible and resign in
if (user.IsChangedPermissions && regenerateIdentityCallback != null)
{
var identity = await regenerateIdentityCallback.Invoke(manager, user).WithCurrentCulture(); app.CreatePerOwinContext(() => (ApplicationUserManager)SmObjectFactory.Container.GetInstance<IApplicationUserManager>());