
Ensuring Single Logons For InProc Session
Imran Baloch
Published Date: 8/3/2009 8:17:19 AM

Abstract:
Security is the biggest concern for any web application. It is therefore important that users are allowed to log in once, and only once: if they attempt to log in a second time, the login should be rejected. Doing this improves performance and security. Single login plays a vital role in any successful application.

Introduction:

 
Single Sign-On (SSO) is the hottest topic in web applications. There are many SSO solutions, and they are easy to find on the net. Sometimes SSO is needed across applications, and sometimes within a single application. For a single application, most of the solutions you will find use the forms authentication ticket. This article instead presents a solution based on InProc session state, which suits applications that use InProc session to validate their users.

Description:

 
The InProc session model is the fastest and most commonly used model, so most developers use it to implement their authentication. In a single-application scenario this works well: when a user sends valid credentials, instead of issuing a forms authentication ticket, you write some information into session state. When the user returns to the site and the session state is still active, you check the session data to determine the logged-on status.
     
In in-process mode, the storage mechanism used for session data is the ASP.NET Cache object. The Cache object manages a chunk of memory inside an application domain. The main class used for storage is CacheInternal, which is declared internal, so reflection is the only way to reach it. Because these are non-public members, they are not a documented API and may change between .NET Framework versions.

Here is the sample code. All you need is a login page with a few controls: two TextBoxes, one Button, and one Label.
 

    // Namespaces required in the code-behind file:
    //   System, System.Collections, System.Reflection,
    //   System.Web, System.Web.SessionState

    protected void Page_Load(object sender, EventArgs e)
    {
        // If the user was previously logged in, skip the login page
        if (Session["User"] != null)
            Response.Redirect("Default.aspx", true);
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Reach the internal cache that backs InProc session state (non-public API)
        object obj = typeof(HttpRuntime).GetProperty("CacheInternal", BindingFlags.NonPublic | BindingFlags.Static).GetValue(null, null);
        Hashtable c2 = (Hashtable)obj.GetType().GetField("_entries", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(obj);

        foreach (DictionaryEntry entry in c2)
        {
            // Each cache entry wraps its payload in a non-public Value property
            object o1 = entry.Value.GetType().GetProperty("Value", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(entry.Value, null);

            // Only entries that hold InProc session state are of interest
            if (o1 != null && o1.GetType().ToString() == "System.Web.SessionState.InProcSessionState")
            {
                SessionStateItemCollection sess = (SessionStateItemCollection)o1.GetType().GetField("_sessionItems", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(o1);

                if (sess != null)
                {
                    if (sess["User"] != null)
                    {
                        // Reject the login if an active session already holds this user name
                        if (sess["User"].ToString() == txtUserName.Text)
                        {
                            Label1.Text = "You have Logged In Before";
                            return;
                        }
                    }
                }
            }
        }

        // Validate the credentials (hard-coded for this sample)
        if ((txtUserName.Text == "imran") && (txtPassword.Text == "123"))
        {
            Session["User"] = "imran";
            Response.Redirect("Default.aspx", true);
        }
        else
        {
            Label1.Text = "Login Failed";
            return;
        }
    }

On page load, the code checks whether the user is already logged in; if so, it redirects to Default.aspx, otherwise the user stays on the login page. If the user name submitted is already stored in another active session, the message "You have Logged In Before" is displayed. If the user is authenticated successfully, they are redirected to the secure page.
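
The same single-login rule can be enforced without reflection by keeping an explicit registry of active logins. The following is an added example, not code from the original article: the names ActiveLogins, TryClaim and Release are hypothetical, and it assumes InProc session state, since that is the only mode in which Session_End is raised. It makes the check and the claim one atomic step, and it runs the check only after the credentials are validated, so the "already logged in" message is never shown to an unauthenticated caller.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not from the article): maps user name -> owning session ID.
public static class ActiveLogins
{
    private static readonly object Sync = new object();
    private static readonly Dictionary<string, string> Owners =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // Atomically claims the user name for a session. Returns false when a
    // different session already holds it, so two concurrent logins cannot both pass.
    public static bool TryClaim(string userName, string sessionId)
    {
        lock (Sync)
        {
            string owner;
            if (Owners.TryGetValue(userName, out owner) && owner != sessionId)
                return false;
            Owners[userName] = sessionId;
            return true;
        }
    }

    // Releases the claim only if the given session still owns it.
    public static void Release(string userName, string sessionId)
    {
        if (userName == null) return;
        lock (Sync)
        {
            string owner;
            if (Owners.TryGetValue(userName, out owner) && owner == sessionId)
                Owners.Remove(userName);
        }
    }
}

// Global.asax.cs: Session_End is raised only in InProc mode, on timeout or Abandon().
public class Global : System.Web.HttpApplication
{
    protected void Session_End(object sender, EventArgs e)
    {
        ActiveLogins.Release(Session["User"] as string, Session.SessionID);
    }
}

// In Button1_Click, after the credentials have been validated:
//   if (!ActiveLogins.TryClaim(txtUserName.Text, Session.SessionID)) { Label1.Text = "You have Logged In Before"; return; }
//   Session["User"] = txtUserName.Text;   // storing a value keeps SessionID stable
```

A user who closes the browser without logging out stays claimed until the session times out, so a logout page should call Session.Abandon() to release the claim early.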

Summary:

 
In this article you saw how to force a user to log in only once. It shows a really simple example of how to implement this; you can add more logic to improve it.


