问题
I'm using the ASPNET Identity tables for my MVC 5 application. Each night we perform "maintenance" on our database. If we modify something under that user, I want to inactivate their current session so that the next action they perform in the web application will kick them back to the login screen. The authentication/authorization already is built into my application using AspNet.Identity. I just need a way to wake it up by setting a flag if it exists.
For example the ASPNETUsers table has an "Inactive" column, but that's too permanent. I'm looking for the "ThisGuyIsLoggedIn" column.
This was close to the same problem, but the answer was to manage it from within MVC, which is not an option.
forcefully log out a specific user among all online users
回答1:
After playing with some of the columns I realized, you can change the SecurityStamp column which will invalidate the user and cause any authentication to fail. Just don't change it to NULL.
UPDATE AspNetUsers
SET SecurityStamp = NEWID()
WHERE Id = @USER_ID
回答2:
I would like to share this link, with a full description of how to force user logout.
https://tech.trailmax.info/2015/09/prevent-multiple-logins-in-asp-net-identity/
full project on github: https://github.com/shaahink/Prevent-Multiple-Login-ASPNETIdentity
If you need to reset the security stamp:
var result = await UserManager.UpdateSecurityStampAsync(user.Id);
It's very nice solution to reset user stamp from admin panel.
来源:https://stackoverflow.com/questions/34934378/asp-net-identity-force-logout-from-sql