ASP.NET Identity - Forcing a re-login with security stamp

Submitted by 前提是你 on 2019-12-04 00:31:53

Question


So from What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface? we learn that ASP.NET Identity has a security stamp feature that is used to invalidate a user's login cookie, and force them to re-login.

In my MVC app, it is possible for admins to archive users. When archived, they should immediately be logged out and forced to log in again (which would then reject them since they're archived).

How can I do this? I understand that the security stamp is the key. The default setup looks like this:

    app.UseCookieAuthentication(new CookieAuthenticationOptions {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

Through experimenting, if I set the validateInterval to something like 1 minute, and then manually hack a user's security stamp in the database, then they are forced to re-login but only after that time period has elapsed.

Is there a way to make this instant, or is it just a matter of setting the interval to a low time period and waiting (or implementing my own OnValidateIdentity that checks on every request)?

Thanks


Answer 1:


You stated your options correctly, either low interval/waiting or hooking your own custom OnValidateIdentity.

Here's a similar question: Propagate role changes immediately
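
The custom OnValidateIdentity option named in the answer, shown as an added example that is not part of the original question or answer. It assumes the default MVC template types (ApplicationUserManager, ApplicationUser) and that the manager is registered with CreatePerOwinContext before the cookie middleware; ValidateStampOnEveryRequest and UserArchiving.InvalidateSessionsAsync are hypothetical names.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Assumption: app.CreatePerOwinContext<ApplicationUserManager>(...) was called earlier.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Invoked for every request that carries the application cookie.
                OnValidateIdentity = ValidateStampOnEveryRequest
            }
        });
    }

    // Hypothetical handler: compares the stamp stored in the cookie with the stored one, with no interval.
    private static async Task ValidateStampOnEveryRequest(CookieValidateIdentityContext context)
    {
        var manager = context.OwinContext.GetUserManager<ApplicationUserManager>();
        var userId = context.Identity.GetUserId();
        var user = (manager != null && userId != null) ? await manager.FindByIdAsync(userId) : null;
        var cookieStamp = context.Identity.FindFirstValue(Constants.DefaultSecurityStampClaimType);

        // Fail closed: unknown user, missing stamp claim, or a stamp that no longer matches.
        if (user == null || cookieStamp == null || user.SecurityStamp != cookieStamp)
        {
            context.RejectIdentity();
            context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
        }
    }
}

public static class UserArchiving
{
    // Hypothetical helper for the admin "archive" action: rotating the stamp invalidates issued cookies.
    public static Task<IdentityResult> InvalidateSessionsAsync(ApplicationUserManager manager, string userId)
    {
        return manager.UpdateSecurityStampAsync(userId);
    }
}
```

This costs one user lookup per authenticated request, which is the trade-off against the 30-minute validateInterval in the default setup.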



Source: https://stackoverflow.com/questions/24570872/asp-net-identity-forcing-a-re-login-with-security-stamp
