ASP.net Identity 2.0 Sign-out another user

问题:

I'm using asp.net MVC and ASP.net Identity 2.0.

On my website Admin has option to ban user, and I would like when user is banned that he is automatically signed-out from website.

I know that I can sign-out current user by calling

AuthenticationManager.SignOut(); 

But is it possible to sign-out another user ? Or maybe shorter his session ? Or anything ?

I know I could make global filter on controllers prohibiting banned users from access but that filter would be ran against each user so I'm not quiet satisfied with that solution.

回答1:

You'll need to configure cookie invalidation in Auth.Config.cs:

public void ConfigureAuth(IAppBuilder app) {     // important to register UserManager creation delegate. Won't work without it     app.CreatePerOwinContext(UserManager.Create);      app.UseCookieAuthentication(new CookieAuthenticationOptions     {         Provider = new CookieAuthenticationProvider         {             OnValidateIdentity = SecurityStampValidator                 .OnValidateIdentity<UserManager, ApplicationUser, int>(                     validateInterval: TimeSpan.FromMinutes(10),                     regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager))         },         // other configurations     });      // other stuff } 

and then update security stamp as Hao Kung says when users are banned.

I've blogged about this recently

回答2:

If you use the securitystampvalidator feature, when a user is banned just call: UpdateSecurityStamp(userId) to cause any existing login cookies to be invalid the next time they are checked.

More info about SecurityStamp?

文章来源: ASP.net Identity 2.0 Sign-out another user