asp.net 强制性单一登陆现实

本文章使用asp.net内置membership作为登陆操作  关于配置membership   不用说明了 网上都有的首先建立一个login页面 随便放一个login控件和loginstatus控件aspx代码<body><form id="form1" runat="server"><div><asp:Login ID="Login1" runat="server" onloggedin="Login1_LoggedIn" onloggingin="Login1_LoggingIn"></asp:Login><asp:LoginStatus ID="LoginStatus1" runat="server" onloggingout="LoginStatus1_LoggingOut" /></div></form>
</body>cs代码 MembershipUser user;protected void Login1_LoggedIn(object sender, EventArgs e){if(user ==null)user = Membership.GetUser(User.Identity.Name);//获取登陆用户名的membershipuser实例
Guid newguid = Guid.NewGuid();//新建guid
HttpCookie  cookie=Response.Cookies[FormsAuthentication.FormsCookieName];//获取cookie
FormsAuthenticationTicket ft = FormsAuthentication.Decrypt(cookie.Value);//解密表单票FormsAuthenticationTicket newft = new FormsAuthenticationTicket(ft.Version, ft.Name, ft.IssueDate, ft.Expiration, ft.IsPersistent, newguid.ToString(), ft.CookiePath);//重新创建一个表单票 把生成guid加入userdata中user.Comment = "loginExpiration;" + ft.Expiration.ToString() + "|loginSessionID;" + newguid.ToString();//存储guid数据和过期时间Membership.UpdateUser(user);//更新用户数据Response.Cookies.Remove(FormsAuthentication.FormsCookieName);//删除已有相关formsName的cookieHttpCookie newCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newft));//重新创建cookienewCookie.Domain = cookie.Domain;newCookie.Expires = cookie.Expires;newCookie.HttpOnly = cookie.HttpOnly;newCookie.Path = cookie.Path;newCookie.Secure = cookie.Secure;Response.Cookies.Add(newCookie);//输出cookie到客户端
}protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e){if (user == null){user = Membership.GetUser(Login1.UserName);}//禁止同一个会话再次登陆//禁止同一个会话再次登陆if (user != null){if (User.Identity.IsAuthenticated && user.UserName == User.Identity.Name){if (!string.IsNullOrEmpty(user.Comment) && user.Comment.Contains("loginExpiration")){string currentExpirationStr = user.Comment.Split("|".ToCharArray())[0];DateTime currentExpiration = DateTime.Parse(currentExpirationStr.Split(";".ToCharArray())[1]);if (currentExpiration < DateTime.Now){e.Cancel = true;Literal t = Login1.FindControl("FailureText") as Literal;t.Text = "你已经登陆了 !";}}}}}protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e){//退出登陆  清空用户的comment数据MembershipUser mu = Membership.GetUser();mu.Comment = string.Empty;Membership.UpdateUser(mu);}然后 需要一个Httpmodule模块cs代码using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;namespace aspnetajaxtast
{public class FormsAuthsessionModule : IHttpModule{public void Dispose(){}public void Init(HttpApplication context){context.PostAuthorizeRequest += new EventHandler(context_PostAuthorizeRequest);}void context_PostAuthorizeRequest(object sender, EventArgs e){HttpApplication app = sender as HttpApplication;HttpContext c = app.Context;if (c.User.Identity.IsAuthenticated){FormsAuthenticationTicket ft = (c.User.Identity as FormsIdentity).Ticket;Guid g;if (ft.UserData != ""){g = new Guid(ft.UserData);}elseg = Guid.Empty;MembershipUser user = Membership.GetUser(c.User.Identity.Name);Guid currentSessionGuid;if (!string.IsNullOrEmpty(user.Comment)){string currentSessionStr = user.Comment.Split("|".ToCharArray())[1];currentSessionGuid = new Guid(currentSessionStr.Split(";".ToCharArray())[1]);}else{currentSessionGuid = Guid.Empty;}if (g != currentSessionGuid){FormsAuthentication.SignOut();//清空cookie登陆数据 需要重向url//自己自定义转到url的代码
}}}}
}web.config 需要配置httpmodule在<system.web>下<httpModules><add name="FormsAuthsessionModules" type="aspnetajaxtast.FormsAuthsessionModule"/></httpModules>这是vs测试或者iis7以下版本需要的如果在iis7  需要以下配置代码<system.webServer><modules  runAllManagedModulesForAllRequests="true"  ><add name="FormsAuthsessionModules" type="FormsAuthsessionModule"/></modules></system.webServer>测试需要两个浏览器就可以了  一个ie 一个ff可以当模拟两台电脑  如果你有两台电脑的话 也可以