MVC4 Web API Prevent Multiple Simultaneous Logon with Same Credential


I am developing a project on ASP.NET MVC4 and WebAPI in which everything will be carried out over AJAX WebAPI calls. So, as expected, all the business logic is implemented in the WebAPIs in my project, starting from the login system.

The scenario I need to address is related to user login. I have it implemented and running fairly well. But a new requirement wants me to implement a security mechanism on this existing WebAPI login system which prevents logging in to the system using the same credentials at the same time. What I have to achieve here is exclusive login for a given credential, so that no other user can log in while someone is logged in using that credential.

How can I address all the scenarios, like detecting if a user is already logged in and detecting the user's logout so that the credential can now be used for a login, which also includes the user improperly leaving the system because of a browser crash, an unplanned shutdown or a network disconnection?

How can I implement this? I am not using any membership providers. The authentication is done against Active Directory.

Chris Woolum On

Since you are using Forms Authentication with Active Directory, you should still be able to use the regular provider methods as long as you have ActiveDirectoryMembershipProvider specified as your provider type. In your login method, you can use

var user = Membership.GetUser(userName);
// GetUser returns null when the account is not found
if (user != null && !user.IsOnline)
{
    // Do some login stuff
}

In your web config, you will want to have

<membership defaultProvider="ADMembershipProvider">
  <providers>
    <add
       name="ADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="ADConnectionString"
       connectionUsername="MyDomain\MyADUserName"
       connectionPassword="MyADPassword"
       enablePasswordReset="false"
       attributeMapUsername="sAMAccountName"/>
  </providers>
</membership>

Just fill in the correct pieces you need and it should be working properly.

Make sure you also have a connection string for your AD Controller:

<add name="ADConnectionString" connectionString="LDAP://MyADMachine/DC=MyDomain,DC=MyTLD" />
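
One way to build the exclusive login the question asks for, as an added example that is not from the question or the answer: an in-memory registry that allows one session per account and frees the account after an idle timeout, which covers a crashed browser or a dropped connection. `SingleSessionRegistry` and its members are hypothetical names, and the code assumes a single web server (a web farm needs a shared store) and a caller that has already validated the password against Active Directory.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading;
// Hypothetical helper (not an ASP.NET type): at most one live session per account.
public sealed class SingleSessionRegistry
{
    private sealed class Entry { public string Token; public long LastSeenTicks; }
    private readonly ConcurrentDictionary<string, Entry> _sessions =
        new ConcurrentDictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly long _idleTicks;
    public SingleSessionRegistry(TimeSpan idleTimeout) { _idleTicks = idleTimeout.Ticks; }

    // Returns a session token, or null when the account already has a non-idle session.
    public string TryLogin(string userName)
    {
        long now = DateTime.UtcNow.Ticks;
        var fresh = new Entry { Token = NewToken(), LastSeenTicks = now };
        var stored = _sessions.AddOrUpdate(userName, fresh, (_, current) =>
            now - Interlocked.Read(ref current.LastSeenTicks) > _idleTicks ? fresh : current);
        return ReferenceEquals(stored, fresh) ? fresh.Token : null;
    }

    // Call on every authenticated Web API request; a crashed client stops calling and goes idle.
    public bool Touch(string userName, string token)
    {
        Entry e;
        long now = DateTime.UtcNow.Ticks;
        if (!_sessions.TryGetValue(userName, out e) || e.Token != token) return false;
        if (now - Interlocked.Read(ref e.LastSeenTicks) > _idleTicks) return false;
        Interlocked.Exchange(ref e.LastSeenTicks, now);
        return true;
    }

    // Explicit logout: remove the entry only if it is still this caller's session.
    public bool Logout(string userName, string token)
    {
        Entry e;
        if (!_sessions.TryGetValue(userName, out e) || e.Token != token) return false;
        return ((ICollection<KeyValuePair<string, Entry>>)_sessions)
            .Remove(new KeyValuePair<string, Entry>(userName, e));
    }
    private static string NewToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }
}
```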