Videos | Podcasts
Skip Navigation Links
Home
About
Articles
Blog
Write for us
SHOP
Donate

 Subscribe

 Podcast RSS
Ensuring Single Logons For InProc Session
Imran Baloch
Published Date: 8/3/2009 8:17:19 AM
Views: 2195

Abstract:
Security is the biggest concern for any web application. Therefore it is important that Users should be allowed to login once, and only once. If they attempt to login a second time in an application the login should be rejected. Doing this, improves the Performance and Security. Single Login plays a vital role for any successful application.
Introduction:

 
Single Sign-On (SSO) is the hottest topic in Web Applications. There are lots of solutions for SSO and you can find on the net easily. Some time there is a need of Single Sign On for Cross Application or sometimes there is a need for Single Application. For most SSO for one application you will find the solution using the Form Authentication Ticket. However in this Article you will find the solution using InProc Session. This is good for the users which are using InProc Session to validate their Users.

Description:

 
The InProc Session model is the fastest and most commonly used model. Therefore most of the Developers used this to implement their authentication. For one application scenario this is good that when a user sent valid credentials, instead of issuing a forms authentication ticket, you could write some information into session state. When the user returned to the site, and the session state was still active, you could check the session data to determine the logged on status.
     
When using the in-process mode of the data storage mechanism that is used is the ASP.NET Cache object. The Cache object manages a chunk of memory inside an application domain. The main class used to store is CacheInternal which define as internal. Therefore Reflection is the only way to get this class.

Here is the sample code; all you need is to create a Login Page with some controls, such as, Two Textbox, One Button and One Label.
 

 
 
At Page Load It simply check whether the user is logged in before, If not then stay on the Login Page. If the user provides credentials which are authenticated before a simple message “You have logged in before”. If user is authenticated sucessfully then it will be redirected to secure Page.

Summary:

 
In this Article you saw that how to Enforce User to Login only one. This article shows a really simple example to implement it. However you can add more logic to improve it.
Similar Articles

Security without using CAPTCHA

Encrypting QueryStrings with .NET

Security in ASP.Net Sites

Authenticating against a Web.config file

Securing Connection Strings

 
 
   
 
 

Comments/Feedbacks