I was searching but could not find an answer to this question: does ASP.NET Identity provide a way to prevent simultaneous logins from the same account?
Identity does not have a built-in way to track simultaneous logins, but you can use a workaround: every time a user logs in, before setting the auth cookie, change the user's SecurityStamp by calling await userManager.UpdateSecurityStampAsync(user.Id);
And make sure you have this part in your Startup.Auth.cs:
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(5),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });
This way, every time a user logs in, all other sessions will be invalidated because the SecurityStamp on the user is changed. And set the validateInterval to a low enough value, so other auth cookies can be invalidated soon enough.