 

How to create a security stamp value for asp.net identity (IUserSecurityStampStore)

In my MVC-5 application, I have to create security stamp values manually. The current implementation of the identity team seems to use a guid.

Guid.NewGuid().ToString("D")

Is it safe to create a new Guid myself to use as a new security stamp value or will this lead to problems in future implementations of asp.net identity?
Is there a method to let the identity framework create such a stamp-value for me so that my implementation is safe for future changes?

asked Mar 30 '15 15:03

HCL



3 Answers

According to the documentation of the Identity implementation for Entity Framework, it seems that it can be any random value:

IdentityUser.SecurityStamp Property

A GUID therefore seems fine, and the following code should also be reliable with future versions of ASP.NET Identity.

Guid.NewGuid().ToString("D") 
answered Sep 18 '22 18:09

HCL


ASP.NET Identity UserManager provides the method UpdateSecurityStampAsync(string userId), which will automatically update the user's security stamp, so that the next time validateInterval ends the user will be automatically logged out and forced to sign in again.

await UserManager.UpdateSecurityStampAsync(userId);
answered Sep 21 '22 18:09

Shoaib Shakeel
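
An added example, not code from any of the answers or from the ASP.NET Identity project: a minimal in-memory IUserSecurityStampStore for ASP.NET Identity 2.x (the MVC 5 package) that only persists the stamp, while UserManager generates and rotates it. AppUser, AppUserStore and Demo are hypothetical names, and the store is assumed to be in-memory for illustration only.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

public class AppUser : IUser<string>   // hypothetical user type
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public string SecurityStamp { get; set; }
}

// Hypothetical in-memory store; a real store would persist to a database.
public class AppUserStore : IUserSecurityStampStore<AppUser>
{
    private readonly Dictionary<string, AppUser> _users = new Dictionary<string, AppUser>();

    // The store never generates the stamp; it saves the opaque string it is handed.
    public Task SetSecurityStampAsync(AppUser user, string stamp)
    {
        if (user == null) throw new ArgumentNullException("user");
        user.SecurityStamp = stamp;
        return Task.FromResult(0);
    }

    public Task<string> GetSecurityStampAsync(AppUser user) { return Task.FromResult(user.SecurityStamp); }

    // IUserStore members that UserManager calls around the stamp operations.
    public Task CreateAsync(AppUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task UpdateAsync(AppUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task DeleteAsync(AppUser user) { _users.Remove(user.Id); return Task.FromResult(0); }
    public Task<AppUser> FindByIdAsync(string id) { AppUser u; _users.TryGetValue(id, out u); return Task.FromResult(u); }
    public Task<AppUser> FindByNameAsync(string name) { return Task.FromResult(_users.Values.FirstOrDefault(u => u.UserName == name)); }
    public void Dispose() { }
}

public static class Demo
{
    public static async Task<bool> StampRotatesAsync()
    {
        var manager = new UserManager<AppUser>(new AppUserStore());
        await manager.CreateAsync(new AppUser { Id = "1", UserName = "alice" }); // manager sets the first stamp
        string before = await manager.GetSecurityStampAsync("1");
        await manager.UpdateSecurityStampAsync("1");                              // manager generates a new one
        string after = await manager.GetSecurityStampAsync("1");
        return before != after;
    }
}
```

Because the store treats the stamp as an opaque string, it does not depend on the format UserManager happens to generate.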


A bit late to the party, but these seem to work just fine:

        await _userManager.UpdateSecurityStampAsync(user);
        await _userManager.UpdateNormalizedEmailAsync(user);
        await _userManager.UpdateNormalizedUserNameAsync(user);
        await _userManager.SetLockoutEnabledAsync(user, true);
answered Sep 18 '22 18:09

Rafael Herscovici