Asp.net core identity tracking user open sessions RRS feed

  • Question

  • User1504148411 posted

    We have a web application built with asp.net core, .net core 3.1, angular which uses asp.net core identity for user authentication management. We have a need to implement the below scenario:

    "If user A is logged in (this is an open session) and user B logs in with the same credentials (this is the 2nd concurrent session), after user B passes MFA, we will send an email to the email address of this customer to notify them that someone else just logged in. We will NOT end the session for the user A."

    Our current implementation uses ASP.Net identity to authenticate users with Authentication Tickets being stored in cookies. Since authentication tickets are stored in cookies, the session is browser based, hence being able to track whether the user is logged in with an ongoing open session is not possible with this implementation.

    I was leaning towards using custom store for storing auth tickets on server side with either database / redis, and then tracking token expiration thereby determining an existing ongoing session. Am I thinking along the right direction, or are there other mechanisms ? I would like some thoughts and suggestions.

    Saturday, April 4, 2020 3:36 PM

All replies

  • User-17257777 posted

    Hi MadhuriM,

    Am I thinking along the right direction, or are there other mechanisms ?

    From your description, I think Websocket or Signalr maybe a good choice.

    Best Regards,

    Jiadong Meng

    Thursday, April 9, 2020 7:26 AM