How can I logout a specific user from my ASP.NET MVC 4 application? I prefer to perform this with the User.Id property.
Asked
Active
Viewed 1,716 times
1
-
By "specified user", do you mean a user other than the one currently logged in? – OJ Raqueño Aug 01 '16 at 01:20
-
@oj-raqueño yeah for example I am admin of the website and i want to logging out an specified user ( member ) of the website . – Moien Tajik Aug 01 '16 at 01:25
-
2Well if you use forms authentication you can't just force him out. He needs his cookie to expire. What you can do is have a short cookie life time and lockout that user (if you are using ASP.NET Identity). Another way with tokens is to revoke his token access. What is your authentication process? – gdyrrahitis Aug 01 '16 at 01:28
-
@gdyrrahitis I use identity . My main problem is that when I give a role to a user in application , the user who given the role need to be logged out and login again to role be apply . – Moien Tajik Aug 01 '16 at 01:34
1 Answers
4
Well, your problem, based on your comments, is about changing/updating/adding a person's role, but you wish to reflect this by logging him out. Because of that addition/change, the new role is not reflected into user's cookie, only in the database. That is the reason he needs to be log out and login again in order this modification to take place.
Essentially, if you are using cookie authentication, what about trying this in your Startup.Auth.cs:
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider {
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(1),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
Using the OnValidateIdentity will validate user's request every validateInterval minutes, so in the code above the cookie will be updated every 1 minute. If you provide a TimeSpan.FromMinutes(0) will mean that the cookie will be updated in each user's request.
Please check also the following posts and answers on StackOverflow in order to solve this particular issue.
- MVC 5 AddToRole requires logout before it works?
- ASP.NET Identity, add another user to role instantly (they don't have to log out and in again)
- What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface?
Hope this will help.
Community
- 1
- 1
gdyrrahitis
- 5,598
- 3
- 23
- 37