asp.net 使用 Application 限制單一登錄 原理:用戶登錄後系統會分配一個與用戶唯一對應的SessionID,將當前用戶ID與其SessionID對應保存在Application中,一旦該用戶在其他地方重覆登錄則Application中保存的SessionID就會被更新,導致當前se ...
asp.net 使用 Application 限制單一登錄
原理:用戶登錄後,系統會分配一個與該用戶唯一對應的 SessionID,並將用戶 ID 與其 SessionID 的對應關係保存在 Application 中。一旦該用戶在其他地方重複登錄,Application 中保存的 SessionID 就會被更新,導致原先 session 的 SessionID 與 Application 中的 SessionID 不再一致,據此即可判定原先的登錄已被新的登錄取代。
用戶登錄後保存SessionID在Application中
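/// <summary>
/// Records the current request's session ID as the single "active" session
/// for the given user, overwriting any value stored by an earlier login.
/// </summary>
/// <param name="strUId">User identifier; used to build the Application key "SESSIONID_" + strUId.</param>
/// <remarks>
/// Application state lives in the memory of one running application instance.
/// It is not shared between worker processes or servers and is emptied when the
/// application restarts, so the record written here is only visible to requests
/// served by the same instance.
/// NOTE(review): the stored value is whatever SessionID the request already
/// carries; this method does not issue a fresh session ID at login. Confirm the
/// login flow renews the session before calling this.
/// NOTE(review): no code on this page removes the entry at logout or session
/// end; verify whether stale keys need cleaning up.
/// </remarks>
private static void RecordLogin(string strUId)
{
    HttpContext context = HttpContext.Current;

    // Read the session ID before taking the lock, so that a missing session
    // fails here rather than while the application-wide lock is held.
    string sessionId = context.Session.SessionID;

    context.Application.Lock();
    try
    {
        context.Application["SESSIONID_" + strUId] = sessionId;
    }
    finally
    {
        // Always release the application-wide lock, even if the write throws.
        context.Application.UnLock();
    }
}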
判斷方法
/// <summary>
/// Tells whether the given user's recorded session ID differs from the session
/// ID of the current request, i.e. whether a later login has replaced this one.
/// </summary>
/// <param name="strUId">User identifier; looked up under the Application key "SESSIONID_" + strUId.</param>
/// <returns>
/// <c>true</c> when a non-empty session ID is recorded for the user and it is
/// not the current request's session ID; <c>false</c> when nothing (or an empty
/// value) is recorded, or when the two IDs match.
/// </returns>
/// <remarks>
/// The check fails open: with no record present the caller is treated as the
/// active session. Application state is empty after an application restart and
/// is not shared across worker processes or servers, so in those situations
/// every existing session passes this check until the user logs in again.
/// </remarks>
public static bool CheckRepeatLogin(string strUId)
{
    HttpContext context = HttpContext.Current;
    object recorded = context.Application["SESSIONID_" + strUId];

    // No record for this user: nothing to compare against.
    if (recorded == null)
    {
        return false;
    }

    string recordedId = recorded.ToString();
    if (recordedId == string.Empty)
    {
        return false;
    }

    // A mismatch means a newer login overwrote the record.
    return !string.Equals(recordedId, context.Session.SessionID);
}
aspx頁面跳轉時判斷:添加基類 BasePage.cs
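/// <summary>
/// Base class for .aspx pages that require a logged-in user and enforce the
/// single-login rule before the page continues its lifecycle.
/// </summary>
public class BasePage : System.Web.UI.Page
{
    // User taken from the session for the current request; null until
    // OnInitComplete has run or when no user is stored in the session.
    public UserInfo CurUser = null;

    /// <summary>
    /// Gate for every derived page: redirects to "pagesessionnull.html" when no
    /// user is in the session and to "pagerepeatlogin.html" when the account has
    /// since logged in elsewhere; otherwise continues with the base implementation.
    /// </summary>
    /// <param name="e">Event data passed through to the base implementation.</param>
    protected override void OnInitComplete(EventArgs e)
    {
        CurUser = CurSession.CurUser;

        if (CurUser == null)
        {
            Response.Redirect(SysHelper.GetVirtualPath() + "pagesessionnull.html", true);
            // Redirect(..., true) normally ends the request by aborting the thread,
            // but the gate must not depend on that: returning here guarantees
            // CurUser is never dereferenced when it is null.
            return;
        }

        if (LoginService.CheckRepeatLogin(CurUser.UId))
        {
            Response.Redirect(SysHelper.GetVirtualPath() + "pagerepeatlogin.html", true);
            // Fail closed: a superseded session never reaches the rest of the
            // page lifecycle even if the redirect does not abort execution.
            return;
        }

        base.OnInitComplete(e);
    }

    /// <summary>
    /// Marks the response as not storable so authenticated pages are not kept
    /// in browser or intermediary caches.
    /// </summary>
    /// <param name="e">Event data passed through to the base implementation.</param>
    protected override void OnLoadComplete(EventArgs e)
    {
        Response.Cache.SetNoStore();
        base.OnLoadComplete(e);
    }
}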
ashx頁面請求時判斷:添加基類 BaseHandler.cs
/// <summary>
/// Base class for .ashx handlers that return JSON. Every request is checked
/// for a logged-in user and for the single-login rule before the derived
/// handler's <see cref="ActionMethod"/> runs.
/// </summary>
public class BaseHandler : IHttpHandler, IRequiresSessionState
{
    // User taken from the session for the current request (null when absent).
    public UserInfo CurUser = null;

    // Context of the request being processed; set in ProcessRequest.
    public HttpContext CurContext = null;

    /// <summary>
    /// Writes exactly one JSON result: rcode -98 when no user is in the session,
    /// rcode -99 when the account has logged in elsewhere, otherwise the output
    /// of <see cref="ActionMethod"/>. The response is ended in all cases.
    /// </summary>
    /// <param name="context">The current HTTP context.</param>
    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;
        response.ContentType = "application/json";
        response.Charset = "utf-8";
        response.Cache.SetCacheability(HttpCacheability.NoCache);

        try
        {
            CurUser = CurSession.CurUser;
            CurContext = context;

            string payload;
            if (CurUser == null)
            {
                // No user in the session: report a login timeout.
                payload = JsonHelper.GetResult(false, "登錄超時,請重新登錄", new { rcode = -98 });
            }
            else if (LoginService.CheckRepeatLogin(CurUser.UId))
            {
                // A newer login replaced this session: refuse the action.
                payload = JsonHelper.GetResult(false, "您的帳號在其他地方登錄,您已經被踢出,請重新登錄", new { rcode = -99 });
            }
            else
            {
                payload = ActionMethod();
            }

            response.Write(payload);
        }
        catch (Exception failure)
        {
            // NOTE(review): the raw exception message is sent to the client. If
            // exceptions raised under ActionMethod can carry internal details
            // (query text, file paths, stack fragments), log them server-side
            // and return a generic message instead.
            response.Write(JsonHelper.GetResult(failure.Message));
        }
        finally
        {
            // Terminates the response regardless of which branch ran.
            response.End();
        }
    }

    /// <summary>
    /// Hook for derived handlers; invoked only after both login checks pass.
    /// The default returns the parameterless <c>JsonHelper.GetResult()</c> value.
    /// </summary>
    /// <returns>The JSON text to write to the response.</returns>
    public virtual string ActionMethod()
    {
        return JsonHelper.GetResult();
    }

    /// <summary>
    /// Always <c>false</c>: a new handler instance per request, so the CurUser
    /// and CurContext fields are not shared between requests.
    /// </summary>
    public bool IsReusable
    {
        get { return false; }
    }
}