In my MVC-5 application, I have to create security stamp values manually. The current implementation of the identity team seems to use a guid.
Guid.NewGuid().ToString("D")
Is it safe to create a new Guid myself to use as a new security stamp value or will this lead to problems in future implementations of asp.net identity?
Is there a method to let the identity framework create such a stamp-value for me so that my implementation is safe for future changes?
Out of the documentation of the identity implementation for the entity-framework, it seems that it can be any random value:
IdentityUser.SecurityStamp Property
A guid seems therefore fine and the following code should be reliable also with future versions of asp.net identity.
Guid.NewGuid().ToString("D")
ASP.NET Identity UserManager provides method UpdateSecurityStampAsync(string userId)which will automatically update users security-stamp. So that next time validateInterval ends user will be automatically logged-out and forced to sign.in again.
UserManager.UpdateSecurityStampAsync(userId);
a bit late to the party, but these seem to work just fine:
await _userManager.UpdateSecurityStampAsync(user);
await _userManager.UpdateNormalizedEmailAsync(user);
await _userManager.UpdateNormalizedUserNameAsync(user);
await _userManager.SetLockoutEnabledAsync(user, true);
来源:https://stackoverflow.com/questions/29350167/how-to-create-a-security-stamp-value-for-asp-net-identity-iusersecuritystampsto