
If a user logs out in another session, or is deleted or disabled, I want to have that reflected in all other sessions.

Codewrinkles provides a moderately complex solution here using his own IdentityValidationProvider class. Is that the best way to do it? I ask because Microsoft has all this A&A stuff pretty well designed and this would be a noticeable miss.

And there's the AuthenticationStateProvider.AuthenticationStateChanged Event. Now I've read in numerous places that you should not use AuthenticationStateProvider to get the user because it does not reflect changes. But with that limitation, does the AuthenticationStateChanged event still work?

Or is there another way to accomplish this?

And once I get the event that the authenticated user has changed (or gone away), is it on me to get the notification to the MainLayout.razor and every child razor file individually? Or is there a clean way to just rebuild the page I have up, like call NavigationManager.RedirectTo(currentPage)?

The best approach I see (if there's better, please let me know) is to create a scoped service with an event. I have MainLayout subscribe to the event and I call the event when the authentication state changes. In MainLayout, when the event fires and calls me, I call StateHasChanged().

David Thielen
  • I would've also used the service approach (DI). Not sure if there are really any other better ways of doing it. Using a subscription like this will give you a lot of control in general, which you could also use to resolve your issue here: https://stackoverflow.com/questions/76371849/how-can-i-logout-programmatically-identity-in-a-blazor-server-app - In other words, when a user logs out, you can tell the service that, flag any sessions tied to the user (through registration on login) and then kill those sessions. Server side is great for this when using Singletons. – Marius Jun 01 '23 at 15:27

1 Answer


Create a middleware to check the user on each request.

Create a table "UserLoginInfo" with Id, IP, LoginDate, LogoutDate?, and everything else you think would help you in the future.

Save the login info in the UserLoginInfo table when you're logged in.

If the user is logged out, disabled or deleted, set LogoutDate.

Check the LogoutDate to prevent requests from other sessions, and sign out the user on the first request.

I hope this helps you.

mRizvandi
  • That would not be using the Identity Authentication & Authorization system, which strikes me as a really bad idea. It also doesn't address the AuthenticationStateTask which is deciding visibility when constructing the page, so it leaves that as a problem. – David Thielen Jun 01 '23 at 15:09
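
A sketch of the middleware check described in the answer above, added here as an example; it is not code from the question, the answer, or any project mentioned in the thread. It assumes a .NET 6+ web project with implicit usings and cookie authentication. The `login_info_id` claim (assumed to be added at sign-in), the `/login` path, and the in-memory `LoginInfoStore` standing in for the UserLoginInfo table are all hypothetical.

```csharp
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
builder.Services.AddSingleton<LoginInfoStore>();
var app = builder.Build();

app.UseAuthentication();

// Runs on every HTTP request, after the cookie has been turned into HttpContext.User.
app.Use(async (context, next) =>
{
    if (context.User.Identity?.IsAuthenticated == true)
    {
        var store = context.RequestServices.GetRequiredService<LoginInfoStore>();
        var rowId = context.User.FindFirst("login_info_id")?.Value; // hypothetical claim
        if (!store.IsActive(rowId))
        {
            // LogoutDate is set (or the row is gone): drop the cookie and stop the request.
            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            context.Response.Redirect("/login"); // assumed login path
            return;
        }
    }
    await next(context);
});

app.Run();

// One row per login, mirroring the columns listed in the answer.
public record UserLoginInfo(string Id, string UserId, string Ip, DateTime LoginDate)
{
    public DateTime? LogoutDate { get; set; }
}

// In-memory stand-in for the UserLoginInfo table (assumption; use the database in practice).
public class LoginInfoStore
{
    private readonly ConcurrentDictionary<string, UserLoginInfo> _rows = new();

    public void RecordLogin(UserLoginInfo row) => _rows[row.Id] = row;

    // Logout, disable or delete: close every open row for that user.
    public void CloseAllForUser(string userId)
    {
        foreach (var row in _rows.Values.Where(r => r.UserId == userId && r.LogoutDate is null))
            row.LogoutDate = DateTime.UtcNow;
    }

    // Fail closed: a missing claim or unknown row counts as logged out.
    public bool IsActive(string? id) =>
        id is not null && _rows.TryGetValue(id, out var row) && row.LogoutDate is null;
}
```

Middleware only runs on HTTP requests, so a Blazor Server circuit that is already open over SignalR does not pass through this check until the browser makes a new HTTP request.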