Posted by Christian Thies [Ar] on August 24, 2007, 5:43 pm
Dave, I bet you walk over a similar problem!
Your hope is right, thanks for helping me
Regards
wrote:
> Roger, making my app to control access should be the last option. Because of a
> matter of time, I need to find out a solution already built, already
> tested, and ready-to-use.
>
> Regards
>
>
>
>
> >> Roger, you're right. I'm not preventing, I have a clue if I log tries of
> >> multiple logins
> >> The content is used 7*24*365. So a logged user will keep logged all the
> >> time. Any attempt to log in with an already logged credential is a
> >> violation (or error).
>
> >> You're also right about cconnect, I'm rebuilding my DC after trying,
> >> but
> >> I think I made a mistake and I'm going to try again
>
> >> Another point is this, I need to prevent access to a mms (or http)
> >> connection, not a shared resource in a network
>
> > All three methods indicated, cconnect, limitlogon, and the share-based
> > of the KB provided, intend to prevent a second local login.
> > It sounds to me that you really want a mod in the app so that it does
> > not
> > allow a second connection to it using the same creds.
>
> >>> Hi Christian,
>
> >>> I guess I do not understand how limiting to one session is in fact
> >>> preventing unauthorized access.
> >>> Assuming it somehow does help, then how does it make sure that
> >>> the correct person is the one allowed the one available session?
>
> >>> Anyway, cconnect and limitlogin are fairly heavy to implement.
> >>> Take a look at the following for the select few accounts needed:
> >>> http://support.microsoft.com/kb/260364
>
> >>> Roger
>
> >>>> I'm building a product that is accessed with a username and password,
> >>>> and for preventing unauthorized access to it, I need to prevent
> >>>> multiple simultaneous logons with the same username and password
>
> >>>> Sorry about my English. Let me know if the answer is clear
>
> >>>> Christian
>
> >>>> mensaje
> >>>>> Why do you need to do this? What security risk do you need to
> >>>>> mitigate?
>
> >>>>> Steve Riley
> >>>>> steve.ri...@microsoft.com
> >>>>> http://blogs.technet.com/steriley
>
> >>>>>> Hi, I have Windows 2003 domain working. I need to allow only one
> >>>>>> network logon per user.
>
> >>>>>> The example is:
>
> >>>>>> User: username
>
> >>>>>> Status: Logged
>
> >>>>>> If user username tries to log in from a different machine, and he is
> >>>>>> logged in on another, the login attempt must be denied
>
> >>>>>> How can I accomplish this?
>
> >>>>>> Thanks in advance
Christian,
One of the problems that you are going to run into is that the OS is
not very good at tracking logoffs - even in the best circumstances.
Most add-ons that limit logons use a reference count to indicate that
someone is logged on and if another logon event occurs and the ref
count is above a threshold value (1 in your case) then the logon is
denied. The problem is that there are a large number of cases where a
logoff event is not signalled and the ref count never decreases. This
effectively locks the user out of the domain.
Web-based connections are the worst because they are supposed to be
inherently stateless. Maybe this isn't true in your case and you have
a client that sends a CONNECTED message periodically. If so, then
you'll need to modify your server so that it decrements the ref count
when the CONNECTED message stops coming. And then you'll have to make
sure that the user can't cause this to happen artificially (disconnect
the network cable) but still resume the original session after a new
instance has been created. Gee, it sounds like I've been through this
before... :)
Additionally, using an Active Directory domain infrastructure for a
music sharing service sounds odd. You said you are looking for
something bundled, but a solution based on AD means that the customer
is going to have to set up external-facing AD or have one already. AD
is viewed as being hard to set up and not many people have outward
facing domains. You'd face less resistance using SQL in my experience.
Just my thoughts - hope they help!
Dave
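
The heartbeat idea from Dave's reply above, sketched as an added example that is not part of the original thread: the single allowed logon is held as a lease that the CONNECTED message renews, so a missed logoff expires on its own, and each session gets a token so an old client cannot resume once a new session exists. The class name, the 30-second lease and the explicit `now` argument (seconds, passed in so the behaviour is deterministic) are assumptions for illustration.

```python
import secrets


class SingleSessionRegistry:
    """One live session per user, held as a lease renewed by heartbeats."""

    def __init__(self, lease_seconds=30):
        self.lease_seconds = lease_seconds
        self._sessions = {}  # username -> (token, expires_at)

    def _live(self, user, now):
        entry = self._sessions.get(user)
        if entry and entry[1] > now:
            return entry
        # Lease lapsed: the logoff was never signalled, so clean up here
        # instead of leaving a stuck count that locks the user out.
        self._sessions.pop(user, None)
        return None

    def login(self, user, now):
        if self._live(user, now):
            return None  # a second simultaneous logon is denied
        token = secrets.token_hex(16)
        self._sessions[user] = (token, now + self.lease_seconds)
        return token

    def heartbeat(self, user, token, now):
        """Called for each CONNECTED message; renews the lease."""
        entry = self._live(user, now)
        if entry is None or not secrets.compare_digest(entry[0], token):
            return False  # expired, or superseded by a newer session
        self._sessions[user] = (token, now + self.lease_seconds)
        return True

    def logoff(self, user, token, now):
        entry = self._live(user, now)
        if entry and secrets.compare_digest(entry[0], token):
            del self._sessions[user]
            return True
        return False
```

The lease length sets the trade-off: a short lease frees the slot quickly after a dropped connection, while a long one tolerates more missed heartbeats before the user has to log in again.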