Sorry for the odd title - not sure how to describe it better

I have a boilerplate Blazor Server app which uses Microsoft Identity to successfully log people in and out.

There are some nuances that don't work for my use case and I wondered if there is any way around them - I have been googling for hours to no resolution.

The issues I have:

  1. Open the site in one tab and log in; open another tab and you are now logged in too with the same account

  2. Open the site in one browser window; open another browser window and log in - both browsers are now logged in

  3. Open the site; log-in; close browser - then reopen the browser and open the site and you are still logged in

What I want in each of these situations is...

  1. not logged in in the second tab - can log-in again with another account for instance
  2. not logged in in the second window - can log in with another account
  3. not logged in without actively logging in again

Is this possible?

haPartnerships

1 Answer

Is this possible?

Short answer is YES.

You want to deny the Multiple Login, Duplicate Login and ...

You need some different modules to do this.

Every logged-in user must have a SessionID, or you have to create a SID on each login and save it in a database table like UserLoginInfo.

UserLoginInfo fields: Id, SID, IP, UserID, LoginDate, LastRequestDate

You also need the IP address of the login request, and to save it in the table. Send/receive the SID on each request/response (save it in a header) and save it in localStorage. (You can use the claims and token if they are available in your project.)

Now you can check the login request and check the UserLoginInfo table to decide whether to prevent the user from logging in or not.

You need a session timeout for login attempts to allow the user to log in again. You need to know when the user disconnected to update the UserLoginInfo table, ...

mRizvandi
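The UserLoginInfo bookkeeping described in the answer above, as an added example that is not part of the original answer or of any Blazor or Identity API. `SessionRegistry`, its method names and the in-memory dictionary standing in for the database table are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Columns follow the answer's UserLoginInfo table (Id omitted; UserID is the key here).
public record UserLoginInfo(string SID, string IP, string UserID, DateTime LoginDate, DateTime LastRequestDate);

// Hypothetical in-memory stand-in for the database table.
public class SessionRegistry
{
    private readonly Dictionary<string, UserLoginInfo> _rows = new();
    private readonly TimeSpan _idleTimeout;
    private readonly object _gate = new();

    public SessionRegistry(TimeSpan idleTimeout) => _idleTimeout = idleTimeout;

    // Returns a fresh SID, or null when the user still has a live session.
    public string? TryLogin(string userId, string ip, DateTime now)
    {
        lock (_gate)
        {
            if (_rows.TryGetValue(userId, out var row) && now - row.LastRequestDate < _idleTimeout)
                return null; // duplicate login denied until logout or timeout
            // The SID is a bearer secret, so take it from a CSPRNG.
            var sid = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
            _rows[userId] = new UserLoginInfo(sid, ip, userId, now, now);
            return sid;
        }
    }

    // Call on every request with the SID the client sent back in its header.
    public bool Validate(string userId, string sid, DateTime now)
    {
        lock (_gate)
        {
            if (!_rows.TryGetValue(userId, out var row)) return false;
            bool live = now - row.LastRequestDate < _idleTimeout;
            bool match = CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(row.SID), Encoding.UTF8.GetBytes(sid ?? ""));
            if (!live) _rows.Remove(userId); // expired row: free the slot
            if (!live || !match) return false;
            _rows[userId] = row with { LastRequestDate = now }; // sliding timeout
            return true;
        }
    }
}
```

A closed browser never sends a logout, so the idle timeout passed to the constructor is what eventually lets that user log in again.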