
ASP.net Identity 2.0 Sign-out another user

I'm using ASP.NET MVC and ASP.NET Identity 2.0.

On my website, the admin has the option to ban a user, and I would like a banned user to be automatically signed out of the website.

I know that I can sign-out current user by calling

AuthenticationManager.SignOut();

But is it possible to sign out another user? Or maybe shorten his session? Or anything?

I know I could make a global filter on controllers prohibiting banned users from access, but that filter would be run against each user, so I'm not quite satisfied with that solution.

hyperN asked Sep 16 '14 20:09




2 Answers

If you use the SecurityStampValidator feature, when a user is banned just call UpdateSecurityStamp(userId) to cause any existing login cookies to be invalid the next time they are checked.

More info about SecurityStamp?

Hao Kung answered Oct 14 '22 12:10


You'll need to configure cookie invalidation in Auth.Config.cs:

public void ConfigureAuth(IAppBuilder app)
{
    // important to register UserManager creation delegate. Won't work without it
    app.CreatePerOwinContext(UserManager.Create);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        Provider = new CookieAuthenticationProvider
        {
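            OnValidateIdentity = SecurityStampValidator
                .OnValidateIdentity<UserManager, ApplicationUser, int>(
                    // how often the security stamp in the cookie is re-checked against the user store
                    validateInterval: TimeSpan.FromMinutes(10),
                    regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                    // the overload with a non-string key type also needs a way to read the user id
                    getUserIdCallback: identity => identity.GetUserId<int>())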
        },
        // other configurations
    });

    // other stuff
}

and then update security stamp as Hao Kung says when users are banned.

I've blogged about this recently

trailmax answered Oct 14 '22 11:10
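
A sketch of the ban action the two answers describe, added here as an example and not taken from either answer. The controller name, the "Admin" role and the use of Identity's lockout fields to store the ban are assumptions; UserManager and the int key are the types from the configuration above.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Hypothetical admin controller; the role name is an assumption.
[Authorize(Roles = "Admin")]
public class UserAdminController : Controller
{
    // Resolves the per-request UserManager registered with app.CreatePerOwinContext.
    private UserManager Users
    {
        get { return HttpContext.GetOwinContext().GetUserManager<UserManager>(); }
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Ban(int userId)
    {
        // 1. Block new sign-ins. Assumes the user store supports lockout
        //    (the default Entity Framework store does) and that sign-in goes
        //    through SignInManager, which refuses locked-out users.
        IdentityResult result = await Users.SetLockoutEnabledAsync(userId, true);
        if (result.Succeeded)
            result = await Users.SetLockoutEndDateAsync(userId, DateTimeOffset.MaxValue);

        // 2. Invalidate cookies that were already issued. SecurityStampValidator
        //    rejects them the next time it compares the stamp in the cookie
        //    with the stamp in the store.
        if (result.Succeeded)
            result = await Users.UpdateSecurityStampAsync(userId);

        if (!result.Succeeded)
            return new HttpStatusCodeResult(HttpStatusCode.InternalServerError);

        return RedirectToAction("Index");
    }
}
```

With validateInterval set to 10 minutes, a banned user's existing cookie can keep working for up to 10 minutes after the stamp changes. A shorter interval narrows that window at the cost of more user-store lookups.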