
I have a password-change form that makes a user change their password the first time they log in. After the password is changed I redirect to the login page. The issue is that while I'm on the change-password form, if I open a new tab, or close and reopen the browser, the user is already logged on, so the first-time password change is skipped.

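    /// <summary>
    /// Handles the posted change-password form: validates the bound model, delegates the
    /// change to the account service and, on success, redirects to the Login action.
    /// </summary>
    /// <param name="model">Form values bound from the POST request.</param>
    /// <returns>
    /// The form view (with model errors) when validation or the change fails; otherwise a
    /// redirect to Login carrying the original ReturnUrl.
    /// </returns>
    // NOTE(review): nothing visible here stops a session cookie that was issued at login,
    // before the forced change, from being used in another tab. Confirm that the Login
    // action does not complete sign-in while the user's IsPasswordChanged flag is false.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> ResetPassword(ResetPasswordInputModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        var result = await _accountService.ResetPasswordAsync(model);

        if (!result.Succeeded)
        {
            foreach (var error in result.Errors)
            {
                ModelState.AddModelError(string.Empty, error.Description);
            }

            // Redisplay with the model, as the validation branch above does, so the view
            // keeps Username and ReturnUrl instead of rendering against a null model.
            return View(model);
        }

        TempData["IsPasswordChanged"] = true;

        // ReturnUrl is caller-supplied. NOTE(review): the Login action is expected to validate
        // it (for example with Url.IsLocalUrl) before redirecting; that code is not shown here.
        return RedirectToAction("Login", routeValues: new { ReturnUrl = model.ReturnUrl });
    }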


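    /// <summary>
    /// Changes the password of the user named in <paramref name="model"/>, marks the account
    /// as having completed its first-time password change, and signs the current session out.
    /// </summary>
    /// <param name="model">Carries Username, CurrentPassword and NewPassword.</param>
    /// <returns>
    /// A failed <see cref="IdentityResult"/> when the credentials are wrong, the new password
    /// equals the current one, or the user manager rejects the change or the update;
    /// otherwise the successful result of the password change.
    /// </returns>
    public async Task<IdentityResult> ResetPasswordAsync(ResetPasswordInputModel model)
    {
        // Same text for "unknown user" and "wrong current password" so the error message
        // does not tell a caller which usernames exist.
        const string invalidCredentials = "Invalid username or password";

        var user = await _userManager.FindByNameAsync(model.Username);
        if (user == null)
        {
            return IdentityResult.Failed(new IdentityError { Description = invalidCredentials });
        }

        // Verify the current password before the reuse check below. Otherwise the reuse
        // error would confirm a guessed password to a caller who never supplied the current one.
        // NOTE(review): CheckPasswordAsync does not count failures toward lockout; if this
        // endpoint is reachable without an authenticated session, consider AccessFailedAsync.
        var currentPasswordOk = await _userManager.CheckPasswordAsync(user, model.CurrentPassword);
        if (!currentPasswordOk)
        {
            return IdentityResult.Failed(new IdentityError { Description = invalidCredentials });
        }

        // Reject a "change" to the password the account already has.
        var cantUpdatePassword = await _userManager.CheckPasswordAsync(user, model.NewPassword);
        if (cantUpdatePassword)
        {
            return IdentityResult.Failed(new IdentityError
            {
                Description = "New password must be different from the current password"
            });
        }

        var result = await _userManager.ChangePasswordAsync(user, model.CurrentPassword, model.NewPassword);
        if (!result.Succeeded)
        {
            return result;
        }

        user.IsPasswordChanged = true;
        var updateResult = await _userManager.UpdateAsync(user);

        // The author reports that this sign-out does not end the session. SignOutAsync only
        // expires cookies on the response to this request.
        // NOTE(review): confirm that the cookie scheme issued at login is one SignInManager
        // clears, and that login does not issue a session before the forced change is done.
        await _signInManager.SignOutAsync();
        await _events.RaiseAsync(new UserLogoutSuccessEvent(user.Id.ToString(), user.UserName));

        // The password has already changed at this point. Report a failed flag update so
        // the caller does not treat the first-time change as fully recorded.
        return updateResult.Succeeded ? result : updateResult;
    }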
adym
  • 1
    There are common practices you should follow https://stackoverflow.com/a/23633068/6527049 – Vivek Nuna Oct 14 '21 at 19:18
  • Can you share the response headers for the request that calls `_signInManager.SignOutAsync()` please? – mackie Oct 15 '21 at 08:09
  • I fixed the problem for closing the tab and window; now I only have the issue after the user changes the password and returns to the login form. – adym Oct 15 '21 at 13:09

1 Answer


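You can call Session.Abandon() after the logout, and then you should probably redirect to the login page. Note that Session.Abandon() is part of System.Web (ASP.NET on .NET Framework) and clears session state only; it does not remove an authentication cookie, and ASP.NET Core has no such method (session state there is cleared with HttpContext.Session.Clear()).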

T. Nielsen
  • Session.Abandon() is from HttpContext, how do I access to it, cause right now in my code I can see it. – adym Oct 14 '21 at 19:39
  • Presuming You are in .net framework code it sits in System.Web namespace, add a using statement – T. Nielsen Oct 14 '21 at 19:50