FSMaxB FSMaxB - 13 days ago 15
C# Question

ASP .NET Core Identity: How to sign out a user

I am trying to log out all active sessions of a user that I am changing (deleting, adding or removing roles, changing the password etc.).

I found solutions for old versions of ASP .NET. Essentially calling

UserManager.UpdateSecurityStampAsync(userId);
but this doesn't seem to work with ASP .NET Core. I can call the function, but it just does nothing. The user is still logged in after that.

So how on earth can I log out a logged in user (all open sessions)?

tmg tmg
Answer

There is a property of IdentityOptions called SecurityStampValidationInterval, which sets how often the cookie is validated. Its set to 30 minutes by default. You can change that:

services.Configure<IdentityOptions>(options =>
{
     options.SecurityStampValidationInterval = TimeSpan.FromTicks(1);             
});
Comments