Secure an ASP.NET Application Using limit for number of logins

I am trying to find a solution to control the number of logins on asp.net application. I need to install the application in the client server, and set the number of licences. e.g. only 10 users are allowed to access the app.

Every time someone tries to login I need to check how many user are logged in, compare with the total allowed then authorize that user to proceed.

I tried with Certificate, but I couldn't see where to match the number of logged in users with the max number of allowed开发者_JS百科 user.

Also I would like to use the IP address as identifier, then if I open 3 browser windows, it count only one user logged.

Basically this web application will be sold by licences. We need to control the logins per computer, and not per user, and block logins if the limit of logins are reached.

Please forgive me, if i am not clear with the description.

Thanks for any help.

---

I would use the SessionID in the Session object as the key, I'd store that along with the UserID for the logged in user in a database or some kind of backing store. I'd use Session_End in the global.asax to remove the records above for any session expiring and also remove them in any logout function. You should find it fairly simple to count the number of active sessions you have and confirm that it's not the same user logging in again, if that's allowed.

---

What I would do is use the global.asax file and increment a counter in session_start and decrement on session_end. Since the session is stored in a cookie, several sessions on the same computer only create one session.

Here is a good refrence for the global.asax file: http://aspalliance.com/1114_Understanding_the_Globalasax_file.3

---

I would use the Membership.GetNumberOfUsersOnline method, if you are using the Membership API, to determine the number of active users.

I believe this number only counts the number of users you have authenticated so it is safe to use in your scenario.