How do I forcefully propagate role changes to users with ASP.NET Identity 2.0.1?

Question

I\'ve read this and while it explains how role changes will eventually propagate to the user cookie after some time interval, I still don\'t understand how I force an im

Answer 1

If you want to enable immediate revocation of cookies, then every request must hit the database to validate the cookie. So the tradeoff between delay is with your database load. But you can always set the validationInterval to 0.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromSeconds(0),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});