问题
In my MVC-5 application, I have to create security stamp values manually. The current implementation of the identity team seems to use a guid.
Guid.NewGuid().ToString("D")
Is it safe to create a new Guid myself to use as a new security stamp value or will this lead to problems in future implementations of asp.net identity?
Is there a method to let the identity framework create such a stamp-value for me so that my implementation is safe for future changes?
回答1:
Out of the documentation of the identity implementation for the entity-framework, it seems that it can be any random value:
IdentityUser.SecurityStamp Property
A guid seems therefore fine and the following code should be reliable also with future versions of asp.net identity.
Guid.NewGuid().ToString("D")
回答2:
ASP.NET Identity UserManager provides method UpdateSecurityStampAsync(string userId)which will automatically update users security-stamp. So that next time validateInterval ends user will be automatically logged-out and forced to sign.in again.
UserManager.UpdateSecurityStampAsync(userId);
回答3:
a bit late to the party, but these seem to work just fine:
await _userManager.UpdateSecurityStampAsync(user);
await _userManager.UpdateNormalizedEmailAsync(user);
await _userManager.UpdateNormalizedUserNameAsync(user);
await _userManager.SetLockoutEnabledAsync(user, true);
来源:https://stackoverflow.com/questions/29350167/how-to-create-a-security-stamp-value-for-asp-net-identity-iusersecuritystampsto