Concurrency problem in asp.net
-
Hi guys, I have an interesting scenario. I have a web application created with asp.net 2005. There will be more users who will be using my web application. User's can use the login page to log in to the application and use sign out to logoff the application. My question is :- if for example a user from a machine 1 with an ID "Shankar" has signed into the application by providing the correct credentials and the same user is signing into the application with the same credentials, but this time from a differant machine. How should i prevent this from happening. Please help me out of this problem. Regards Shankar
-
Hi guys, I have an interesting scenario. I have a web application created with asp.net 2005. There will be more users who will be using my web application. User's can use the login page to log in to the application and use sign out to logoff the application. My question is :- if for example a user from a machine 1 with an ID "Shankar" has signed into the application by providing the correct credentials and the same user is signing into the application with the same credentials, but this time from a differant machine. How should i prevent this from happening. Please help me out of this problem. Regards Shankar
-
Hi guys, I have an interesting scenario. I have a web application created with asp.net 2005. There will be more users who will be using my web application. User's can use the login page to log in to the application and use sign out to logoff the application. My question is :- if for example a user from a machine 1 with an ID "Shankar" has signed into the application by providing the correct credentials and the same user is signing into the application with the same credentials, but this time from a differant machine. How should i prevent this from happening. Please help me out of this problem. Regards Shankar
check the ip address when signing in
-------------------------------------------------------- 1 line of code equals many bugs. So don't write any!! My mad coder blog
-
check the ip address when signing in
-------------------------------------------------------- 1 line of code equals many bugs. So don't write any!! My mad coder blog
I don't think the IP is the way to go. (due to NAT, etc..) The IP is unreliable.
-
I don't think the IP is the way to go. (due to NAT, etc..) The IP is unreliable.
yes, and due to the architecture of the web. Knowing the actual computer ID is unreliable also. But you can still trace the IP to the origination IP. It all depends on how much effort you want to use.( there are tons of utilities that can trace this) But, using whois you can trace down the ISP and they usually use the same patterns for IP's. I was on a spam rampage and I can trace anyone back to thier orignal IP that the email was sent from. Even if its sent within IP hider types. And if this tells me thier ip location, so will the requesting machine. all you really need is the ISP server name and a few other bits which are inside the request header. Everything is traceable. There maybe hurdle, but tons of sites in the UK tell you how to get past anyone of them. IP or a mac address is your best bet. But, last time i looked at a header the mac address wasn't there. And due to security you wont be able to get it, unless you create an active x control to run on your page. Much like AJAX. Nick
-------------------------------------------------------- 1 line of code equals many bugs. So don't write any!! My mad coder blog
-
Hi guys, I have an interesting scenario. I have a web application created with asp.net 2005. There will be more users who will be using my web application. User's can use the login page to log in to the application and use sign out to logoff the application. My question is :- if for example a user from a machine 1 with an ID "Shankar" has signed into the application by providing the correct credentials and the same user is signing into the application with the same credentials, but this time from a differant machine. How should i prevent this from happening. Please help me out of this problem. Regards Shankar
Shankar We had the same sort of functionality in our application and we are storing ip, flag , domain name and checking with or conditions. If any conditions return true value we display message to user. But I am not sure how flexible you are for changing your application design, Amit