[英]ASP.NET Identity - Maintain login after updating user record
In a ASP.NET MVC web application, the admin may sometimes have the need to modify his user profile, thus altering his DB AspNetUsers
record and triggering a SecurityStamp
regeneration. 在ASP.NET MVC Web应用程序中,管理员有时可能需要修改其用户配置文件,从而更改其DB AspNetUsers
记录并触发SecurityStamp
重新生成。
Modifying the SecurityStamp
will eventually trigger the identity validation every 30 minutes server-side and cut the user's authentication, sending him back to login. 修改SecurityStamp
最终将在服务器端每30分钟触发一次身份验证,并削减用户的身份验证,将其发送回登录。
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
Is there a way to prevent this from happening but allowing me to keep the validation active? 有什么办法可以防止这种情况的发生,但可以让我保持激活状态吗? (something like forcing an identity "realignment" between server and client when saving the changes on the user profile) (类似于在用户配置文件上保存更改时强制服务器和客户端之间进行身份“重新对齐”)
Thanks in advance for every advice! 预先感谢您的每一个建议! - Gigi -吉吉
You can re-SignIn the User after the changes have been made (this code assumes you have UserManager and SignInManager available as per the default Account controller and an async ActionResult): 您可以在进行更改后重新登录用户(此代码假定您具有默认帐户控制器和异步ActionResult可用的UserManager和SignInManager):
ApplicationUser user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
if (user != null)
{
await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.