Last post Jun 17, 2015 03:22 PM by mconrad
Jun 16, 2015 06:14 AM|andri745|LINK
Hi all. I'm using Owin authentication on a MVC 5 web site. I'd like to signout some users (retrieved from a list) from ad admin account, but if I call HttpContext.GetOwinContext().Authentication.SignOut() I can disconnect current user.
Jun 16, 2015 08:23 AM|mconrad|LINK
If you use cookie authentication, enable identity validation like this
Provider = new CookieAuthenticationProvider
OnValidateIdentity = SecurityStampValidator
.OnValidateIdentity<UserManager, ApplicationUser, int>(
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager))
And then update the security stamp of the users. If the security stamp doesn't match with the cookie the user currently has active, it will get invalidated the next time and the user has to login again...
The Microsoft.AspNet.Identity.UserManager has a method UpdateSecurityStampAsync...
Jun 17, 2015 02:11 AM|andri745|LINK
Thanks for your reply. Do you have one example about the use of GetSecurityStamp() method?
Jun 17, 2015 03:22 PM|mconrad|LINK
I thought it would not be too hard to figure that one out ;)
This should do it I guess:
var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();