[转载]MVC中单用户登录

转自：http://www.cnblogs.com/firstcsharp/archive/2013/05/19/3087481.html

把下面这段代码放在登录用户验证以后：

//用户登录验证通过后判断用户是否重复登录
        public void SingleUserCheck(string userid)
        {
            HttpContext httpContext = System.Web.HttpContext.Current;
            Hashtable userOnline = (Hashtable)httpContext.Application["Online"];
            if (userOnline != null)
            {
                int i = 0;
                while (i < userOnline.Count)
                {
                    IDictionaryEnumerator idE = userOnline.GetEnumerator();
                    string strKey = string.Empty;
                    while (idE.MoveNext())
                    {
                        if (idE.Value != null && idE.Value.ToString().Equals(userid))  //如果当前用户已经登录，
                        {
                            strKey = idE.Key.ToString();
                            userOnline[strKey] = "XXXXXX";   //将当前用 户已经在全局变量中的值设置为XX 
                            break;
                        }
                    }
                    i++;
                }
            }
            else
            {
                userOnline = new Hashtable();
            }
            userOnline[httpContext.Session.SessionID] = userid;  //初始化当前用户的  sessionid
            httpContext.Application.Lock();
            httpContext.Application["Online"] = userOnline;
            httpContext.Application.UnLock();
        }

添加验证特性类，自动让已经登录的用户下线：

using System.Collections;

namespace System.Web.Mvc
{
    public  class SingleUserAuthorize:AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            Hashtable userOnline = (Hashtable)(httpContext.Application["Online"]);
            if(userOnline!=null)
            {
                IDictionaryEnumerator idE=userOnline.GetEnumerator();
                string strkey=string.Empty;
                if(userOnline.Count>0)
                {
                    while(idE.MoveNext())
                    {
                        //登录时判断保存的session是否与当前页面的session相同
                        if (userOnline.Contains(httpContext.Session.SessionID))
                        {
                            if (idE.Key != null && idE.Key.ToString().Equals(httpContext.Session.SessionID))
                            {
                                //判断当前session保存的值是否为被注销值
                                if (idE.Value != null && "XXXXXX".Equals(idE.Value.ToString()))
                                {
                                    //验证被注销则清空session
                                    userOnline.Remove(httpContext.Session.SessionID);
                                    httpContext.Application.Lock();
                                    httpContext.Application["Online"] = userOnline;
                                    httpContext.Response.Write("<script>alert('你的帐号在别处登录，你被强迫下线！');location.href='/Load';</script>");
                                    httpContext.Response.End();  
                                    return false;
                                }
                            }
                        }
                        else
                        {
                            return false;
                        }
                    }
                    return true;
                }
                else
                {
                    return false;
                }
            }
            return false; 
        }
    }
}

验证的时候在控制器里添加：

[SingleUserAuthorize]

最后在Global.asax.cs里添加如下代码：

//单点登录代码开始
        protected void Session_Start(object sender, EventArgs e) { }
        protected void Session_End(object sender, EventArgs e)
        {
            Hashtable hOnline = (Hashtable)Application["Online"];
            if (hOnline[Session.SessionID] != null)
            {
                hOnline.Remove(Session.SessionID);
                Application.Lock();
                Application["Online"] = hOnline;
                Application.UnLock();
            }
        }
        //单点登录代码结束