ASP.net Identity 2.0 Sign-out another user

Question

I'm using asp.net MVC and ASP.net Identity 2.0.

On my website Admin has option to ban user, and I would like when user is banned that he is automatically signed-out from website.

I know that I can sign-out current user by calling

AuthenticationManager.SignOut();

But is it possible to sign-out another user ? Or maybe shorter his session ? Or anything ?

I know I could make global filter on controllers prohibiting banned users from access but that filter would be ran against each user so I'm not quiet satisfied with that solution.

Answer 1

If you use the securitystampvalidator feature, when a user is banned just call: UpdateSecurityStamp(userId) to cause any existing login cookies to be invalid the next time they are checked.

More info about SecurityStamp?

Answer 2

You'll need to configure cookie invalidation in Auth.Config.cs:

public void ConfigureAuth(IAppBuilder app)
{
    // important to register UserManager creation delegate. Won't work without it
    app.CreatePerOwinContext(UserManager.Create);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator
                .OnValidateIdentity<UserManager, ApplicationUser, int>(
                    validateInterval: TimeSpan.FromMinutes(10),
                    regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },
        // other configurations
    });

    // other stuff
}

and then update security stamp as Hao Kung says when users are banned.

I've blogged about this recently