2

I used the "AddToRole" that add a user to a role. However this change cannot be applied immediately, this user has to sign out and sign in to apply.

So how to update this change immediately?

Thank you!

Developer
  • 133
  • 2
  • 10
  • possible duplicate http://stackoverflow.com/questions/29285406/refresh-current-users-role-when-changed-in-asp-net-identity-framework/29286361 – tmg Feb 11 '16 at 07:51
  • 1
    Thanks! But your one is for the current user. My problem is for the not current user. – Developer Feb 11 '16 at 07:55
  • if it not for current user, then it the role will be mapped user immediately – anand Feb 11 '16 at 08:18
  • 1
    But the user that was changed the role still can access or cannot access specific action before sigin in again. And use "IsInRole" still return false. – Developer Feb 11 '16 at 09:26

1 Answers1

6

If you use ASP.Net Identity 2.0, this is where the SecurityStamp comes to rescue! Calling UpdateSecurityStampAsync will invalidate the user's cookie and refresh its roles:

UserManager.UpdateSecurityStampAsync(userId);

More info: What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface?

Community
  • 1
  • 1
kloarubeek
  • 2,706
  • 20
  • 24
  • I think so, especially when the userId is the one from the current user ;-) – kloarubeek Dec 23 '16 at 09:37
  • I was not able to make it work. In the second request current user still have the same Roles as he had during the first one. I have to use the SignInManager.SingIn() method. – SerjG Dec 24 '16 at 15:50
  • 1
    Hmm, then it might be solved by this: http://stackoverflow.com/questions/24286489/how-do-i-forcefully-propagate-role-changes-to-users-with-asp-net-identity-2-0-1 – kloarubeek Dec 25 '16 at 20:15
  • It's interesting. Thank you! – SerjG Dec 25 '16 at 22:01