
I'm using ASP.NET MVC and ASP.NET Identity 2.0.

On my website the admin has the option to ban a user, and when a user is banned I would like him to be automatically signed out of the website.

I know that I can sign out the current user by calling

```csharp
AuthenticationManager.SignOut();
```

But is it possible to sign out another user? Or maybe shorten his session? Or anything?

I know I could make a global filter on controllers prohibiting banned users from access, but that filter would be run against each user, so I'm not quite satisfied with that solution.

hyperN

2 Answers


If you use the SecurityStampValidator feature, when a user is banned just call UpdateSecurityStamp(userId) to cause any existing login cookies to be invalid the next time they are checked.

More info about SecurityStamp?

Hao Kung
  • I've added that line of code in my project but the user wasn't logged out. Can you explain a bit further how I should use it? – hyperN Sep 16 '14 at 23:11
  • It doesn't log the user out immediately; there's the validateInterval on the security stamp, which you need to configure for how often the cookie is validated. – Hao Kung Sep 17 '14 at 18:50

You'll need to configure cookie invalidation in Auth.Config.cs:

```csharp
public void ConfigureAuth(IAppBuilder app)
{
    // important to register UserManager creation delegate. Won't work without it
    app.CreatePerOwinContext(UserManager.Create);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator
                .OnValidateIdentity<UserManager, ApplicationUser, int>(
                    validateInterval: TimeSpan.FromMinutes(10),
                    regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },
        // other configurations
    });

    // other stuff
}
```

and then update security stamp as Hao Kung says when users are banned.

I've blogged about this recently

trailmax
  • app.CreatePerOwinContext(UserManager.Create) - does the trick for me. I am using Autofac, so in my case it looks like this: app.CreatePerOwinContext(() => DependencyResolver.Current.GetService()); app.CreatePerOwinContext(() => DependencyResolver.Current.GetService>()); where Db is a DbContext and User is a class that is derived from IdentityUser – Sergey Nov 20 '14 at 13:04
  • I don't quite understand this. I am using the standard template, so it generates `app.CreatePerOwinContext(ApplicationUserManager.Create);` which I guess is the same as `app.CreatePerOwinContext(UserManager.Create);`? It doesn't work in my case :( – Sam Aug 26 '20 at 02:13
  • I use IdentityServer 4 Skoruba, but I think there is no such middleware for .NET Core 6 and IdentityServer 4. – mahdi Jan 01 '23 at 10:25
  • @mahdi this answer is over 8 years old. At that time there was no .NET Core, never mind v6 of it. Of course it does not match your code. – trailmax Jan 05 '23 at 14:09
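
The delay described in the comments on the first answer, as an added example that is not part of the original answers and not the Identity library's code: a simplified C# model of stamp validation in which the user store is consulted only once a cookie is older than validateInterval, so a banned user's cookie keeps working until then. The class names, user ids and timestamps are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of the check, not the Identity library's code. All names are hypothetical.
class Cookie
{
    public int UserId;
    public string Stamp;        // security stamp copied into the cookie at sign-in
    public DateTime IssuedUtc;  // when the cookie was issued or last regenerated
}

static class StampModel
{
    // Stands in for the user store: userId -> current security stamp.
    static readonly Dictionary<int, string> Store = new Dictionary<int, string>();

    public static Cookie SignIn(int userId, DateTime now)
    {
        Store[userId] = Guid.NewGuid().ToString();
        return new Cookie { UserId = userId, Stamp = Store[userId], IssuedUtc = now };
    }

    // Models what UpdateSecurityStamp(userId) does on a ban: rotate the stored stamp.
    public static void Ban(int userId) { Store[userId] = Guid.NewGuid().ToString(); }

    // Returns true if the request is accepted. The store is read only when the
    // cookie is older than validateInterval; younger cookies are trusted as-is.
    public static bool Validate(Cookie c, DateTime now, TimeSpan validateInterval)
    {
        if (now - c.IssuedUtc <= validateInterval) return true; // no lookup yet
        if (Store[c.UserId] != c.Stamp) return false;           // stamp rotated: reject the cookie
        c.IssuedUtc = now;                                      // stamp matches: reissue the cookie
        return true;
    }

    static void Main()
    {
        var t0 = new DateTime(2014, 9, 17, 12, 0, 0, DateTimeKind.Utc); // constructed sample time
        var interval = TimeSpan.FromMinutes(10);                        // value used in the answer above
        var cookie = SignIn(42, t0);                                    // user id 42 is made up
        Ban(42);                                                        // admin bans right after sign-in
        Console.WriteLine(Validate(cookie, t0.AddMinutes(5), interval));  // request inside the interval
        Console.WriteLine(Validate(cookie, t0.AddMinutes(11), interval)); // request after the interval
        var fresh = SignIn(43, t0);
        Ban(43);
        Console.WriteLine(Validate(fresh, t0.AddSeconds(1), TimeSpan.Zero)); // zero interval: looked up on every request
    }
}
```

A shorter validateInterval narrows the window in which a banned user's existing cookie is still accepted, at the cost of a user-store lookup on more requests.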