Home/ Questions/Q 6597139
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T18:10:13+00:00

I need to prevent users logging into my ASP.NET MVC application from multiple sessions,

  • 0

I need to prevent users logging into my ASP.NET MVC application from multiple sessions, and found this answer how to do it.

Now I want to add an MVC twist: some of the public methods on the Controller are unprotected, and I don’t care who accesses them, and some are protected by an [Authorize] attribute to ensure that only logged-in users can access them. Now I want to customize the AuthorizeAttribute so that all methods flagged with that attribute will do the no-multiple-login verification described in the related question, and throw some kind of LoggedInElsewhereException so that the client can understand if and why the check failed.

I’m sure it can be done, but how?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just derive your new attribute from AuthorizeAttribute and override OnAuthorization method. In the method do your “single session” checks first, then fall back to base implementation.

    E.g.

    public class CheckSessionAndAuthorizeAttribute : AuthorizeAttribute
{
    public override OnAuthorization(AuthorizationContext context)
    {
        //check session id in cache or database
        bool isSessionOK = CheckSession();

        if (!isSessionOK)
        {
            //can be View, Redirect or absolutely customized logic 
            context.Result = new MyCustomResultThatExplainsError();
            return;
        }

        //do base stuff
        base.OnAuthorization(context);
    }
}
    • 0