
aspnet identity avoid simultaneous login same account

I was searching but I could not find an answer to this question: does ASP.NET Identity provide a way to avoid simultaneous login from the same account?

Thiago Custodio asked Jan 04 '15 20:01


1 Answers

Identity does not have a built-in way to track simultaneous logins, but you can do a work-around: every time a user logs in, before setting the auth cookie, change the user's SecurityStamp by calling await userManager.UpdateSecurityStampAsync(user.Id);

And make sure you have this part in your Startup.Auth.cs:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(5),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });            

This way, every time a user logs in, all other sessions will be invalidated because the SecurityStamp on the user is changed. And set the validateInterval to a low enough value, so other auth cookies can be invalidated soon enough.

trailmax answered Nov 08 '22 21:11
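The login side of the work-around described in the answer, as an added example that is not part of the original answer: a Login action that rotates the SecurityStamp after the password check and before the cookie is issued. It assumes ASP.NET Identity 2.x and the AccountController, LoginViewModel, UserManager, SignInManager and RedirectToLocal members generated by the default MVC 5 project template, with no two-factor step.

```csharp
// Added example: replaces the template's Login POST action in AccountController.
// UserManager, SignInManager, LoginViewModel and RedirectToLocal are assumed to be
// the members generated by the default MVC 5 project template.
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // Manual flow instead of PasswordSignInAsync, so lockout is handled here.
    var user = await UserManager.FindByNameAsync(model.Email);
    if (user == null || await UserManager.IsLockedOutAsync(user.Id))
    {
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(model);
    }

    if (!await UserManager.CheckPasswordAsync(user, model.Password))
    {
        await UserManager.AccessFailedAsync(user.Id); // count the failure towards lockout
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(model);
    }
    await UserManager.ResetAccessFailedCountAsync(user.Id);

    // Rotate the stamp BEFORE issuing the cookie: cookies from earlier logins
    // carry the old stamp and fail the next OnValidateIdentity check.
    var rotated = await UserManager.UpdateSecurityStampAsync(user.Id);
    if (!rotated.Succeeded)
    {
        ModelState.AddModelError("", "Could not start a new session.");
        return View(model);
    }

    // The cookie issued here carries the new stamp, so only this session survives.
    await SignInManager.SignInAsync(user, model.RememberMe, rememberBrowser: false);
    return RedirectToLocal(returnUrl);
}
```

Older sessions stay usable until their next stamp check, so the window for a parallel session is bounded by validateInterval (5 minutes in the configuration above); a shorter interval means more database lookups per active session.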