Dears, Any update on below case ? It is important for us. We want to invalidate request when user's security stamp changed. In order to redirect user to /account/login AbpSession.UserId should null. How can I achive for this ?
Dear Ismail, I validated token with security stamp also. Your above solution doesn't work. I have tried it before you. It gives error in UI. Redirecting to /account/login happens when AbpSession.UserId is null. For this I think claims extracted from token somehow should be removed.
I am using Asp.Net Core and Angular 4 template. Could you please provide working solution for this case ?
Ok. Thank you. This will help. But what I have to do in order to return 401 result from here ?(I mean token is invalid response and this have to cause redirecting login page)
Hi dears, I have a question about ASP.NET Core Web Api + Angular4 template. You are using JWT for authentication. My question is about it. If I change password or something about the user JWT validation have to fail and new JWT token should be needed. (f.e. security reasons, user blocked, password changed). Currently in your template validation fails only when expire date reaches. In our project we have strict rules for such cases. What should we use in order to invalidate current user token if something(f.e. password, username) about user changed ? P.S. When generating JWT token a number of claims is used. For example: username, role, security stamp. Are this claims validated also then JWT token validated ? I think no. Because I changes the username and token still successfully validated or when password is changed new security stamp generated. But token still successfully validated. I think it is a big problem.