0

Currently i'm searching for a technique to create a named user license system with asp.net mvc. For example a customer has bought 10 user licenses, it should only be possible, to log in 10 times parallel.

The problem I'm struggeling with, is the fact that there is no permanent connection in web technologies. (Between client and server, besides using web sockets or some similar things).

Or is there a well known and good alternative?

Thank you very much!

BendEg
  • 20,098
  • 17
  • 57
  • 131
  • License based on concurrent active sessions? – Alex K. Feb 08 '16 at 14:27
  • Can't you just store the number of active sessions? – Patrick Hofman Feb 08 '16 at 14:28
  • Related / possible duplicate of [List all active ASP.NET Sessions](http://stackoverflow.com/q/1470334/993547). – Patrick Hofman Feb 08 '16 at 14:29
  • The website is hosted on-site hosted and is connected with a database. Every customer has one database which contains a list of users and a license with a maximum of users. One Login should take one license. So if you login with the same username twice, two licenses should be used/reserved. – BendEg Feb 08 '16 at 14:29
  • @PatrickHofman so that i proof before a requests is executed, whether the session is valid? – BendEg Feb 08 '16 at 14:30
  • Keep a list of company id's and session id's. On logging off, remove a session from the list (`Session_End` event). Check on every log in if the list count is less than the maximum number of licenses. – Patrick Hofman Feb 08 '16 at 14:31
  • And restarting the IIS will log off all users and reset the licenses than? – BendEg Feb 08 '16 at 14:32
  • If its hosted locally are you using their Active Directory for credentials? You could actively assign seats to individuals ... – Jammer Feb 08 '16 at 14:32
  • I use a mixture of AD and website-only users. But all users are stored in the database with there user rights/roles. – BendEg Feb 08 '16 at 14:33
  • Well of course they would be, even if using AD. The point is if the licensed users are AD Users just assign the available licenses to individual AD accounts. Using Sessions is unreliable and error prone in my expericen since you simply are not in charge of those ... IIS is. – Jammer Feb 08 '16 at 14:35
  • So thinking about another license model and agreement would be the better solution :)? – BendEg Feb 08 '16 at 14:41
  • In my system where I do this I have a specific role called a license manager that belongs to a company rather than an individual, that users role is to manage their licenses and assign those "seats" to individuals. That might work for your system. – Jammer Feb 08 '16 at 14:42
  • Some thing like this should work, because 1 Installation = 1 Company. We have one database and iis site per company so yes, this should work. – BendEg Feb 08 '16 at 14:46
  • The License manager role has a separate login as well, has access only to a license management page and is NOT a user account so can be shared internally so its not limited if that person is off or ill ... – Jammer Feb 08 '16 at 14:51

1 Answers1

0

A possible solution (which may or may not be the right one for you), is to store the amount of sessions a user currently has and is allowed to have in two columns in your database.

Let's say you have the functions login(username, password) and logout(username), or something similar. Then, you need two new columns in your database, one storing the maximum amount of sessions a user can have, e.g. maxSessions , the other one containing the current count of sessions a user has, e.g. curSessions.

Now you can check with every call of login(username, password) if a user has reached the maximum of allowed sessions, and deny his access to your service. If he hasn't, add 1 to curSessions, then run your other login code. If logout(username) gets called, remove 1 from curSessions, and run your logout code.

If I understood your question the right way, this is what you were looking for.

Tgrelka
  • 31
  • 5