DotNetNuke currently has no provision for preventing a user from sharing an account with other users. This is a real problem for paid-subscription sites. There is, however, a simple trick you can do using the REPORTS module that will help to prevent simultaneous logins on the same account by different users...
REPORTS module
The REPORTS module is what I call a "SQL module" -- you give it some SQL to execute and it gives you the results. This is far more useful than you might at first imagine. We've already covered a number of handy things you can do with REPORTS and the similar free third-party modules Advanced Datagrid and SQLView. This time around we're going to use REPORTS to create an auto-logout feature that fires if the currently logged-in user has browsed any part of our DNN site from two (or more) different IPs within the last 20 minutes. Best of all, this will only take a couple of minutes to set up!
Set It Up
Drop the REPORTS module on a test page and set the module to be visible only to REGISTERED USERS (this is very important). In the module's SETTINGS, un-check the "Show Header" option and add the following SQL to the QUERY field.
select
    case
        when count(distinct UserHostAddress) > 1 then
            '<script>__doPostBack("dnn$dnnLOGIN$cmdLogin","")</script>'
        else ''
    end
from SiteLog
where UserID = @UserID
  and DateAdd(minute, 20, [DateTime]) > getdate()
That's it! Save it and it's active. Note that you'll need to have your portal's SITELOG active and set to retain at least one day of logging. The "20" in the last line is the number of minutes a user must wait between browsing the site and logging in again from a different IP. You may wish to increase this value.
What It Does
This one is pure simplicity. The query counts the number of different IPs the current user has browsed from in the previous 20 minutes. If that number is greater than "1", the query returns a script that calls the standard LOGOUT postback. If the number is not greater than "1", the query returns an empty string (nothing will show up on the web page as long as you remembered to un-check the "Show Header" option).
Test It Out
So... how do you know it's working? Here's one way: Create a test account -- you'll be logged in automatically upon account creation. Now open a new browser window and browse to a free proxy service such as Anonymouse.org. Enter the URL of your site at the proxy service and let the service surf back to your site for you (using their server and, thus, their IP). Now log in with your newly created test account (tip: never log in with your ADMIN account while using a proxy service!) and browse to your test page. The REPORTS module should now see you logged in with the same account from two different IPs within the last 20 minutes and automatically log you out. Sweet!
To make this effective, once you've determined that everything works as it should you can activate the module's SETTINGS option "Display module on all pages" to enable the module sitewide.
Caveats
There are, at the minimum, a few things to consider before employing this solution:
- Are you running a load-balanced setup? If so, are your web visitors' source IP values properly passed through your load balancer(s), or does DNN only see the IP address of the balancer(s)? In the latter case every hit shares one address and the query can never fire.
- Do YOU log in routinely from different machines within a 20-minute period? If so, you'll want to add some SQL to filter out any accounts that should be allowed to use different IPs.
- Auto-logging a user out without any explanation is not exactly the best of practices. Instead, you may prefer to forward the user to a special, hidden "Duplicate logins from different IPs detected" warning page, or perhaps precede the logout postback call with an appropriate alert box message.
This solution is not bulletproof but it should do the trick for the majority of DNN admins. A better solution would be a dedicated module (or skin object) that would take care of the logout action from the server side of things instead of initiating a postback after the page has loaded. Such a module could also offer messaging options, provide admins an easy means of adding exceptions to certain accounts and/or user roles, provide logging, etc.
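As an added example that is not part of the original post, here is the same query extended to cover two of the caveats above: accounts in an exempt role are never logged out, and a separate diagnostic query shows whether a load balancer is hiding visitor IPs. It assumes DNN's SiteLog, UserRoles and Roles tables with the column names shown, the @UserID parameter the post already uses, and a hypothetical role name "LoadBalancedAdmins".

```sql
-- Part 1: the auto-logout query with a role-based exemption.
-- Paste into the REPORTS module's QUERY field (header un-checked).
-- Assumes DNN tables SiteLog(UserID, UserHostAddress, DateTime),
-- UserRoles(UserID, RoleID) and Roles(RoleID, RoleName).
select
    case
        -- Members of the exempt role (hypothetical name) are skipped
        -- even if they browse from several IPs inside the window.
        when exists (select 1
                     from UserRoles ur
                     join Roles r on r.RoleID = ur.RoleID
                     where ur.UserID = @UserID
                       and r.RoleName = N'LoadBalancedAdmins')
            then ''
        -- Otherwise: more than one distinct IP in the last 20 minutes
        -- returns the logout postback script, exactly as in the post.
        when count(distinct UserHostAddress) > 1
            then '<script>__doPostBack("dnn$dnnLOGIN$cmdLogin","")</script>'
        else ''
    end as LogoutScript
from SiteLog
where UserID = @UserID
  and DateAdd(minute, 20, [DateTime]) > getdate();

-- Part 2: load-balancer diagnostic. Run this in SQL Server Management
-- Studio (not in the module). If nearly every hit from the last day
-- shares a single UserHostAddress, the balancer is masking visitor IPs
-- and the query above will silently never log anyone out.
select UserHostAddress, count(*) as Hits
from SiteLog
where DateAdd(day, 1, [DateTime]) > getdate()
group by UserHostAddress
order by Hits desc;
```

Add further roles to the exemption by turning the single RoleName comparison into an `in (...)` list.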
More Solutions, Just As Easy
If you missed our previous uber-easy REPORTS module (and similar) solutions, you can catch up on them here:
Comments are always welcome! (Have any?)