How to force logout user when his/her username is changed by another user?

Question

In my application I am using Forms-Authentication to sign in and sign out users.

One functionality is admin can change the username of other users. In that case, I

Answer 1

Here's what you do to force user to sign out:

public void UserPasswordChangedHandler()
{
  FormsAuthentication.SignOut();
  Roles.DeleteCookie();
  Session.Clear();
}

I don't think line by line explanation required, its self explanatory enough. Please let me know if I am mistaken.

Update

Straightforward answer to your additional question is to keep per user boolean tracking if his data was updated by admin and if yes - just redirect him to login page.

Please see following articles for forced logout using forms authentication information:

• How can I force a user to log out
• How can I force a log out of all users for a website,
• ASP.NET forms authentication forced logout
• How to log off multiple MembershipUsers that are not the current user

Update 2

Clearing cookies

• HowTo: create and remove Cookies with ASP.NET MVC
• How do you clear cookies in ASP NET MVC 3 and C#
• How do I invalidate a bad authentication cookie

Hope this help you.

Answer 2

When a user needs to become invalidated you must add their details to some kind of internal static list.

Then on every page request (possibly using Application_BeginRequest) see if that current user is in that list, and if so to call FormsAuthentication.SignOut there-and-then.

It seems like a bit of a hack, but it's the best I can think of right now.

Note that removing a user-in-absentia's session state is another issue entirely.