Dear Support,
We're using MVC 5.* + AngularJS 1.*. We are trying to implement logging off another user when that user's SecurityStamp gets changed. We set up the OnValidateIdentity event in CookieAuthenticationProvider (UserManager is resolved and registered in OwinContext):

    app.CreatePerOwinContext(() => IocManager.Instance.Resolve<UserManager>());
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<UserManager, User, long>(
                validateInterval: TimeSpan.FromMinutes(1),
                regenerateIdentityCallback: (manager, user) => manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie),
                getUserIdCallback: (ci) => (Int64.Parse(ci.GetUserId())))
        },
        SlidingExpiration = true,
        ExpireTimeSpan = TimeSpan.FromMinutes(30)
    });

*: The GetUserId() is under the namespace Microsoft.AspNet.Identity instead of Abp.Runtime.Security.
After doing this, we noticed that all users get signed off (in one minute, as I set the validate interval to 1 minute), no matter whether the user's SecurityStamp gets updated or not. But we only want to log out users whose SecurityStamp has been changed. Am I missing something or doing anything wrong in setting up the cookie authentication provider?
Thank you,
4 Answer(s)
-
0
We separate our host database and tenant databases, and tenant users only exist in their own tenant databases. Would that cause the UserManager to be unable to find any user, so that identity validation always fails and logs out all users?
-
0
Hi,
This might help: https://github.com/aspnetboilerplate/aspnetboilerplate/issues/818#issuecomment-175117869. Have you tried it with a Tenant which uses the host database?
-
0
ismcagdas: Hi,
This might help: https://github.com/aspnetboilerplate/aspnetboilerplate/issues/818#issuecomment-175117869. Have you tried it with a Tenant which uses the host database?
Yeah, it's working for users in the host database but not for tenant users. Finally I resolved it with a combination of EventBus and SignalR (register the SignalR client in layout.js so that the logout event can always be triggered for the target user no matter which page the target user is on). Thank you!
-
0
Thanks for sharing your solution :)
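
Added example (not from the thread and not ASP.NET Boilerplate code): a diagnostic stand-in for SecurityStampValidator.OnValidateIdentity that makes the same accept/reject decision but logs whether a rejection came from a failed user lookup or from a changed stamp, which is one way to confirm the separate-database hypothesis raised in the thread. `DiagnosticStampValidator` is a hypothetical name; `UserManager` and `User` are the application's own types from the question.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security.Cookies;
// Also import the application's namespace that defines UserManager and User.

// Hypothetical helper, not part of ASP.NET Identity or ABP.
public static class DiagnosticStampValidator
{
    // Default claim type ASP.NET Identity 2 uses for the stamp stored in the cookie.
    private const string StampClaim = "AspNet.Identity.SecurityStamp";

    public static Func<CookieValidateIdentityContext, Task> Create(TimeSpan validateInterval)
    {
        return async context =>
        {
            var issued = context.Properties.IssuedUtc;
            if (issued.HasValue && DateTimeOffset.UtcNow - issued.Value <= validateInterval)
                return; // checked recently; skip the database round trip

            var manager = context.OwinContext.GetUserManager<UserManager>();
            long userId = long.Parse(context.Identity.GetUserId());
            User user = await manager.FindByIdAsync(userId);

            // A missing user and a changed stamp both end in sign-out, so tell them apart.
            string reason = null;
            if (user == null)
                reason = "user not found in the database this UserManager queried";
            else if (context.Identity.FindFirstValue(StampClaim) != await manager.GetSecurityStampAsync(userId))
                reason = "security stamp changed";

            if (reason != null)
            {
                Trace.TraceWarning("Rejecting cookie for user {0}: {1}", userId, reason);
                context.RejectIdentity();
                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                return;
            }

            // Still valid: reissue the cookie so the validation interval restarts.
            var identity = await manager.CreateIdentityAsync(user, context.Options.AuthenticationType);
            context.Properties.IssuedUtc = null;
            context.Properties.ExpiresUtc = null;
            context.OwinContext.Authentication.SignIn(context.Properties, identity);
        };
    }
}
```

To try it, set `OnValidateIdentity = DiagnosticStampValidator.Create(TimeSpan.FromMinutes(1))` in the cookie options; a "user not found" warning for every tenant user points at the lookup rather than at the stamp.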