Our SSO login process uses native authentication in the SQL Server user repository.
One of our new security requirements is to allow only one account to have one active session at a time. Thus, at any time when the user logs in, we will verify that the login credentials are already active, and it is advisable that the new user is not logged in again before the end of another session. Alternatively, we could force another session to end if it would be easier to implement.
Is there an easy way to do this using forms authentication? We looked at an individual approach in which we track every session in the database, but it will be a lot of work, and we will probably have to change all our applications to detect session_end, which I hope to avoid. I suppose there should be something in Forms Auth that handles this.
I saw the MembershipUser.IsOnline () method, which seems perfect, but we do not use a membership provider.
UPDATE: just to be clear, I don’t need to check if the current user is logged in, I need to know if someone else is already registered in the same account.
source
share