C# Win App User Login Technology

Hi, I am doing an ERP solution in Windows C# (2.0) with a SQL 2005 database. The network application communicates through the database. I used the usual technique for user login and logout, keeping a status bit. My problem is that when my application is interrupted for any other reason, the user may not change. This will cause the user to be unable to log in next time. How can I solve this problem? Could you please give any new user manipulation technique?

+1




4 answers


If you intend to prevent the same username from being shared on different computers after logging in with a valid password, register a unique token on that computer so that staff.last_logged_at = @unique_token. When logging out, set staff.last_logged_at = ''. This way, even if the computer was interrupted (the program crashed due to a virus, or someone accidentally pressed the reset button on the computer, etc., so last_logged_at was not reset to ''), the user can still log in: just check that the token of the computer the user is currently logging in from is the same as last_logged_at. If it is the same, he/she can still log in.



If any user tries to log in using another user's username, just check whether the computer token is the same as that other user's last_logged_at. If it is not equal, deny the login; that means two users are using the same password.



Now the scenario is if the computer crashes badly (processor melts, hard drive crash, OS needs reinstallation, etc.). The user must be allowed to use other computers. Create an admin module that can reset the user's last_logged_at.





For @unique_token, just use whatever is unique and persistent on the computer, say the MAC address or hash in the OS settings.



pseudocode:

Logging In:

if (select count(*) from staff where staff_name = @staff_name and password = 'correct' and (last_logged_at = '' or last_logged_at = @unique_token)) <> 0 then

    -- allow login
    update staff set last_logged_at = @unique_token where staff_name = @staff_name

else if (select count(*) from staff where staff_name = @staff_name and password = 'correct' and last_logged_at <> @unique_token) <> 0 then

    -- disallow login
    throw exception "You cannot use the same user name on two or more computers. Contact the administrator if you have any concerns"

else

    -- disallow login
    throw exception "Wrong password"

end if


Logging Out:

update staff set last_logged_at = '' where staff_name = @staff_name

      

+1




How about keeping track of user logins by maintaining a session for each login? The quick and dirty solution is to then offer the option to log in from the "new location" and cancel the old session. Then, when you go to perform the operation, first check if the session is actually valid.



The best implementation is to keep the session awake and specify a timeout (i.e., if the session is x minutes out of date, it is invalid). Then you will not see the "phantom logins" from the old orphan connections - they will expire automatically.

+2




There are two general answers here:

  • if you try to login and are already logged in, suggest to reset the existing login
  • use polling / timeout - i.e. have the application call a method every 2 minutes (for example) that updates "last heard"; if you haven't heard from someone after 5 minutes (for example), then clear the flag

+1
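
The session-with-timeout approach from the two answers above (offer to cancel the old session; heartbeat every 2 minutes, expire after 5), as an added T-SQL example that is not from any of the posters. The table staff_session, its columns and the three procedure names are assumptions, and the password check is assumed to have passed before claim_session is called.

```sql
-- Hypothetical lease table: one row per logged-in user (all names are assumptions).
CREATE TABLE staff_session (
    staff_name    NVARCHAR(64)     NOT NULL PRIMARY KEY,
    session_token UNIQUEIDENTIFIER NOT NULL,
    last_heard    DATETIME         NOT NULL
);
GO
-- Call only after the password check has passed. @token comes back NULL when
-- another session is still live and @force = 0.
CREATE PROCEDURE claim_session
    @staff_name NVARCHAR(64), @force BIT, @token UNIQUEIDENTIFIER OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET @token = NEWID();
    -- Take over an existing row only if it is stale (no heartbeat for
    -- 5 minutes) or the user chose to cancel the old session. Check and
    -- claim are one statement, so two logins cannot both win.
    UPDATE staff_session
       SET session_token = @token, last_heard = GETUTCDATE()
     WHERE staff_name = @staff_name
       AND (@force = 1 OR last_heard < DATEADD(minute, -5, GETUTCDATE()));
    IF @@ROWCOUNT = 0
    BEGIN
        -- No row was claimed: insert only if the user has no row at all.
        INSERT INTO staff_session (staff_name, session_token, last_heard)
        SELECT @staff_name, @token, GETUTCDATE()
         WHERE NOT EXISTS (SELECT 1 FROM staff_session WITH (UPDLOCK, HOLDLOCK)
                            WHERE staff_name = @staff_name);
        IF @@ROWCOUNT = 0 SET @token = NULL;  -- live session elsewhere
    END
END
GO
-- Client calls this every 2 minutes. Returns 0 when the lease was taken over
-- or released; the client must then stop working and ask for a new login.
CREATE PROCEDURE heartbeat_session
    @staff_name NVARCHAR(64), @token UNIQUEIDENTIFIER
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE staff_session SET last_heard = GETUTCDATE()
     WHERE staff_name = @staff_name AND session_token = @token;
    RETURN @@ROWCOUNT;
END
GO
-- Normal logout: only the session holding the token can release the lease.
CREATE PROCEDURE release_session
    @staff_name NVARCHAR(64), @token UNIQUEIDENTIFIER
AS
    DELETE FROM staff_session
     WHERE staff_name = @staff_name AND session_token = @token;
GO
```

Because the token is a random value issued per login rather than a machine property, a crashed client needs no admin reset: its row simply goes stale and the next login claims it.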




Why limit the number of login attempts? Windows typically runs multiple instances of an application.

I have to admit that there is also a part in my Windows app that is only allowed to one user. To see if other users are connected, I use something like Marc's polling algorithm, with the possibility of forced entry.

Updating the lock record once a minute or two minutes is not resource intensive (unless you have thousands of users).

0

