I have a web app developed using the following technology stack:

  1. Frontend using Angular and hosted using Azure App Service
  2. REST APIs using ASP.NET Core 3.1 and hosted using Azure App Service
  3. Azure SQL for database

Azure AD authentication is leveraged in this implementation, on top of an authorization check against the database (Azure SQL). This app can be used by users with different browsers: Chrome, Firefox and Microsoft Edge. There is a scenario where the same user can log in to the application at the same time using different browsers. In this case I want to log out the user and allow him/her to be active via one connection only. In short, I am trying to allow only one login per end user at a time and block the remaining connections from the same user on other devices or browsers. Based on my analysis, SignalR can be a potential solution for this use case.

Can anyone help me get some sample reference code in the context of the above example?

santosh kumar patro

1 Answer

  1. When SignalR is not used, we can refer to this post. When the new user successfully logs in, log out of the previous login.

    When the same user ID is trying to log in on multiple devices, how do I kill the session on the other device?

  2. If you want to use SignalR, when the user logs in successfully, you can create a new connection, and at the same time you need to save the connectionId (SignalR) and the SessionId. When the user logs in again, you can compare the SessionId with the previous SessionId to determine whether it is the same device. If it is not the same device, disconnect the SignalR connection and clear the previous login information.

Tips:

  1. SessionId can determine whether a new device is being used to connect to the web app.
  2. SessionId and UserID must be stored in the database or Redis.
Jason Pan
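
One way to wire up the answer's second option for the ASP.NET Core 3.1 API, as an added example that is not part of the original answer or any project's code: the hub records which session is active per user and notifies the displaced browser. `ActiveSessionStore`, `SessionHub`, the `forceLogout` event and the `sid` claim name are assumptions, as is a default user id provider that yields a stable id from the Azure AD token.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.SignalR;

// Hypothetical in-memory store: userId -> (sessionId, connectionId). With several
// app instances this belongs in Azure SQL or Redis, as the answer's tips say.
public class ActiveSessionStore
{
    private readonly Dictionary<string, (string SessionId, string ConnectionId)> _active =
        new Dictionary<string, (string SessionId, string ConnectionId)>();

    // Makes this session the active one and returns the connection it displaced,
    // or null on a first login or a reconnect from the same session.
    public string Activate(string userId, string sessionId, string connectionId)
    {
        lock (_active)
        {
            _active.TryGetValue(userId, out var old);
            _active[userId] = (sessionId, connectionId);
            return old.SessionId != null && old.SessionId != sessionId ? old.ConnectionId : null;
        }
    }

    // For per-request checks in the API: true only for the session that logged in last.
    public bool IsActive(string userId, string sessionId)
    {
        lock (_active)
            return _active.TryGetValue(userId, out var cur) && cur.SessionId == sessionId;
    }
}

[Authorize] // only callers already authenticated by the app get a connection
public class SessionHub : Hub
{
    private readonly ActiveSessionStore _store;
    public SessionHub(ActiveSessionStore store) => _store = store;

    public override async Task OnConnectedAsync()
    {
        // Both ids are read from the validated token, not from anything the browser sends.
        var userId = Context.UserIdentifier;
        var sessionId = Context.User?.FindFirst("sid")?.Value; // assumption: session id claim name
        if (userId == null || sessionId == null) { Context.Abort(); return; }
        var displaced = _store.Activate(userId, sessionId, Context.ConnectionId);
        if (displaced != null) // "forceLogout" is a hypothetical client-side event
            await Clients.Client(displaced).SendAsync("forceLogout");
        await base.OnConnectedAsync();
    }
}
```

The `forceLogout` message only asks the old browser to sign out; for the restriction to hold, the API should also reject requests whose session id fails `IsActive`. Register the store as a singleton so that every hub instance shares it.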