2

In my specific situation, when a user's license has expired, a flag is set on the relevant AspNetUsers table.

This flag is checked in the login method, and if correct then the SignInManager will log the user in.

However, my site, and many others, also make use of the "Remember Me" functionality. Now I have the situation where a customer's session is remembered and the check to see if the user's license has expired is never performed again until they next log in.

Does ASP.NET Core have a hook someplace where, when calling a method in a controller marked with the [Authorize] tag, I can perform some additional logic (such as checking the expired flag) and log them out should something fail?

Dylan
  • Why don't you write a custom authorize action filter? https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/filters – Fran Dec 19 '16 at 19:57
  • When the flag is set, you could remove all the sessions of the user on your server. – Jose Luis Dec 19 '16 at 20:04
  • @Fran People are saying not to create your own authorize action filter (http://stackoverflow.com/questions/31464359/custom-authorizeattribute-in-asp-net-5-mvc-6). – Dylan Dec 19 '16 at 20:31
  • @Dylan That post seems to give you everything you need. – Fran Dec 19 '16 at 20:36

1 Answer

0

In the Startup.Auth.cs file you can set the validateInterval option according to your needs. It will solve your issue because, as soon as the licence expires, the newly generated token will not match the stored cookie token.

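```csharp
// Assigned to the Provider property of CookieAuthenticationOptions in Startup.Auth.cs.
new CookieAuthenticationProvider
{
    // Re-check the user's security stamp against the cookie every 30 minutes.
    OnValidateIdentity = SecurityStampValidator
        .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) =>
                user.GenerateUserIdentityAsync(manager))
}
```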

For more, refer to the following link:

http://sftool.blogspot.in/2016/01/aspnet-identity-remember-me.html

Thanks

Nadeem
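An added example, not part of the question or the answer above: in ASP.NET Core Identity the per-request hook the question asks about is the cookie's `OnValidatePrincipal` event, which also runs for "Remember Me" cookies. It assumes ASP.NET Core 2.0 or later; `ApplicationUser.LicenseExpired`, `LicenseCookieValidation` and `AddLicenseCheck` are hypothetical names standing in for the flag on AspNetUsers and the project's own setup code.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Stand-in for the project's user class; LicenseExpired is an assumed property name.
public class ApplicationUser : IdentityUser
{
    public bool LicenseExpired { get; set; }
}

public static class LicenseCookieValidation
{
    // Call from ConfigureServices after AddIdentity<ApplicationUser, IdentityRole>().
    public static void AddLicenseCheck(this IServiceCollection services)
    {
        // Interval of the built-in security stamp re-check (default is 30 minutes).
        services.Configure<SecurityStampValidatorOptions>(o =>
            o.ValidationInterval = TimeSpan.FromMinutes(5));

        services.ConfigureApplicationCookie(options =>
            options.Events.OnValidatePrincipal = ValidateAsync);
    }

    // Runs on every request that presents the Identity application cookie.
    private static async Task ValidateAsync(CookieValidatePrincipalContext context)
    {
        // Assigning the event replaces Identity's default handler, so call it explicitly.
        await SecurityStampValidator.ValidatePrincipalAsync(context);
        if (context.Principal == null) return; // already rejected by the stamp check

        var users = context.HttpContext.RequestServices
            .GetRequiredService<UserManager<ApplicationUser>>();
        // One database read per authenticated request; cache if that is too costly.
        var user = await users.GetUserAsync(context.Principal);

        if (user == null || user.LicenseExpired)
        {
            context.RejectPrincipal(); // treat this request as anonymous
            // Remove the persistent cookie so later requests are not authenticated either.
            await context.HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
        }
    }
}
```

The security stamp check on its own only ends a remembered session if the stamp changes, so code that sets the expiry flag would also need to call `UserManager.UpdateSecurityStampAsync` for that path to take effect.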