How can I restrict the part of a website so that it can be viewed by only one computer at a time?

Question

Using C# Visual Studio 2008 and SQL Server 2005.

• One database server.

• One webserver

• Three clients

• Webpage name is alpha. Site name is mysite.

I want that only one client at a time can view the page alpha. If one is viewing the page and another from another computer tries to view the same page, access is denied.

Is there any way to configure IIS so limit computers connecting to a particular page?

Is it possible to achieve this by using a static class so that only one instance of this class is made and when another tries to make ERROR?

How to achieve this?

Please note, there are many pages. I only want to restrict people' views on this page.

Answer 1

There are no built in limits the way you describe, and I am not sure what a static class is supposed to help with.

I would use an application variable, storing the IP address of the first client and some sort of timeout and set/check this on the page you want to protect in this manner.

Answer 2

As you will not be able to distinguish a refresh of the page from the same browser opening another tab, I don't see any way to make such a scheme work.

Why do you need this? Perhaps there are other alternatives that are better?

Answer 3

The short answer is: I don't think you can do this.

The not so short answer is: You could check from which computer/IP address a request originates by checking Request.UserHostAddress, temporarily store this IP address "somewhere" and prevent displaying the page to the same IP address again. But there are some problems with such an approach:

• you will have to clear the list of "active" client IP addresses sometime
• you will not be able to distinguish different users/computers if they are behind a firewall/proxy/etc (they will all show the same IP address to your web app)

Answer 4

I suppose theoretically it is possible.

You could do this with authentication + cookies + javascript.

Use authentication to get the users logged in and maintain status per user of what page has been served. Set a cookie in that browser to allow not having to log in again.

Now you can probably use the onUnLoad event (or whatever or AJAX as a keep-alive + erase DOM on timeout etc) in javascript to clear (or maintain) the status of a particular page for that user.

Whenever user requests a page, check whether he is logged in and has that page open. If the status says he has it open, you can deny a concurrent view. If he uses a different browser, you can ask for logging in again, because of missing a cookie etc.

Of course, other constraints might prevent you from using this.

Disclaimer: I haven't tried it myself and there could be ways to get around this.

Answer 5

An inefficient way to do this could be to put each user's ip and current page into a database and then query against it for all subsequent requests by that ip. Add an onUnload event to each page that deletes the unloaded page from the database.