ASP.NET Identity sign out another user

Just like in this question, I want to sign out another user via updating the Security Stamp. However it doesn't work when testing on my local machine. I suspect the problem might be with the order of commands I'm using to reset a user and persisting the different properties to the db.

That's my Startup.Auth

public partial class Startup
{
    public static TimeSpan expireTimeSpan = TimeSpan.FromHours(24);
    public static IDataProtectionProvider DataProtectionProvider { get; private set; }

    public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(() => DependencyResolver.Current.GetService<ApplicationUserManager>());

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            ExpireTimeSpan = expireTimeSpan,
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

        DataProtectionProvider = app.GetDataProtectionProvider();
    }
}

And this is a controller method that allows changing another user's email == username. On changing the email, the user is supposed to be logged out and not have a valid password anymore.

public async Task<IHttpActionResult> UpdateUser(string id, ApplicationUser newUser)
{
    var user = await _userManager.FindByIdAsync(id);
    if (user == null) ...

    IdentityResult result;

    user.name = newUser.name;
    user.roles = newUser.roles;

    // sign out user and invalidate password
    if (user.email != newUser.email)
    {
        user.email = newUser.email;
        user.PasswordHash = null;

        result = await _userManager.UpdateSecurityStampAsync(user.Id);
        if (!result.Succeeded) throw new Exception("Security Stamp not updated.");

        await _account.SendPasswordEmail(user);
    }

    result = await _userManager.UpdateAsync(user);
    if (!result.Succeeded)
        return GetErrorResult(result);

    return Ok();
}

I have tried persisting the user first, then generating a new SecurityStamp, but that didn't work either.

Any ideas what could be wrong?

Thanks!

Apparently you didn't read the answer in the question you linked to clearly.

// important to register UserManager creation delegate. Won't work without it
app.CreatePerOwinContext(UserManager.Create);

This is further explained here:

https://aspnetidentity.codeplex.com/workitem/2209

However, you should be aware of this bug:

ExpireTimeSpan ignored after regenerateIdentity / validateInterval duration in MVC Identity (2.0.1)

This will be fixed in the forthcoming Identity 2.2/Owin 3.0 release, but is not yet final.

https://aspnetidentity.codeplex.com/workitem/2347

Also see this blog article:

http://tech.trailmax.info/2014/08/cookieauthenticationprovider-and-user-session-invalidation-on-change-of-securitystamp/
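
The per-request decision that the question and the answer revolve around can be modelled as below. This is an added example, not code from the post or from ASP.NET Identity; it assumes the validator consults the user store only after validateInterval has elapsed since the cookie was issued and only when a user manager can be resolved from the OWIN context, and the names Outcome, StampCheckModel and Evaluate are hypothetical.

```csharp
using System;

// Simplified model (added example) of the security stamp check made on each
// request. Type and method names are illustrative, not the library's API.
public enum Outcome { NotDueYet, SkippedNoManager, Kept, Rejected }

public static class StampCheckModel
{
    // managerRegistered: a user manager of the requested type was registered
    //                    with CreatePerOwinContext (assumption of this model).
    // cookieStamp:       stamp stored as a claim when the cookie was issued.
    // storedStamp:       stamp currently persisted for the user (null = no user).
    public static Outcome Evaluate(DateTimeOffset issuedUtc, DateTimeOffset nowUtc,
        TimeSpan validateInterval, bool managerRegistered,
        string cookieStamp, string storedStamp)
    {
        // The store is consulted only after validateInterval has elapsed.
        if (nowUtc - issuedUtc <= validateInterval) return Outcome.NotDueYet;
        // Without a resolvable manager the comparison never runs.
        if (!managerRegistered) return Outcome.SkippedNoManager;
        // Matching stamps keep the session; anything else rejects the identity.
        if (storedStamp != null && storedStamp == cookieStamp) return Outcome.Kept;
        return Outcome.Rejected;
    }
}

public static class Program
{
    public static void Main()
    {
        var issued = new DateTimeOffset(2024, 1, 1, 9, 0, 0, TimeSpan.Zero); // constructed sample time
        var interval = TimeSpan.FromMinutes(30);                             // validateInterval from the question
        const string oldStamp = "stamp-A", newStamp = "stamp-B";             // constructed sample stamps

        // Scenario 1: 5 minutes after sign-in, stamp already changed in the store.
        Console.WriteLine(StampCheckModel.Evaluate(issued, issued.AddMinutes(5), interval, true, oldStamp, newStamp));
        // Scenario 2: 31 minutes after sign-in, no manager registered.
        Console.WriteLine(StampCheckModel.Evaluate(issued, issued.AddMinutes(31), interval, false, oldStamp, newStamp));
        // Scenario 3: 31 minutes after sign-in, manager registered, stamp changed.
        Console.WriteLine(StampCheckModel.Evaluate(issued, issued.AddMinutes(31), interval, true, oldStamp, newStamp));
        // Scenario 4: 31 minutes after sign-in, manager registered, stamp unchanged.
        Console.WriteLine(StampCheckModel.Evaluate(issued, issued.AddMinutes(31), interval, true, oldStamp, oldStamp));
    }
}
```

When testing sign-out of another user locally, only the third scenario ends the session, so a test that checks within the 30-minute validateInterval from the question will still see the old cookie accepted.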
