更新用户的成员角色
Update user's membership role
我正在使用 asp.net MVC 5 身份 2.0
管理员能够更改用户的角色,但用户必须重新登录才能看到更改。首先想到的是手动重新登录用户,但我失败了。之后我想到了动态改变用户的角色或其他东西。你能给我正确的方法吗?
我使用 UserManager.AddToRolesAsync 设置用户的角色
我尝试了很多方法,例如:
var memberUser = Membership.GetUser(user.UserName.ToString());
if (memberUser.IsOnline)
{
FormsAuthentication.SignOut();
}
或者也尝试清理我的 cookie。
我不知道如何注销另一个用户。
我也读过这样的文章
http://w3facility.org/question/mvc-5-addtorole-requires-logout-before-it-works/
How do I forcefully propagate role changes to users with ASP.NET Identity 2.0.1?
How to force logout user when his/her username is changed by another user?
ASP.net Identity 2.0 Sign-out another user
看看 Hao Kung on this post 提供的答案,他详细描述了如何使用 SecurityStamp 解决这个问题。
So the primary purpose of the SecurityStamp is to enable sign out
everywhere. The basic idea is that whenever something security related
is changed on the user, like a password, it is a good idea to
automatically invalidate any existing sign in cookies, so if your
password/account was previously compromised, the attacker no longer
has access.
In 2.0.0 we added the following configuration to hook the
OnValidateIdentity method in the CookieMiddleware to look at the
SecurityStamp and reject cookies when it has changed. It also
automatically refreshes the user's claims from the database every
refreshInterval if the stamp is unchanged (which takes care of things
like changing roles etc)
这应该让你继续。
我正在使用 asp.net MVC 5 身份 2.0 管理员能够更改用户的角色,但用户必须重新登录才能看到更改。首先想到的是手动重新登录用户,但我失败了。之后我想到了动态改变用户的角色或其他东西。你能给我正确的方法吗? 我使用 UserManager.AddToRolesAsync 设置用户的角色 我尝试了很多方法,例如:
var memberUser = Membership.GetUser(user.UserName.ToString());
if (memberUser.IsOnline)
{
FormsAuthentication.SignOut();
}
或者也尝试清理我的 cookie。 我不知道如何注销另一个用户。 我也读过这样的文章
http://w3facility.org/question/mvc-5-addtorole-requires-logout-before-it-works/
How do I forcefully propagate role changes to users with ASP.NET Identity 2.0.1?
How to force logout user when his/her username is changed by another user?
ASP.net Identity 2.0 Sign-out another user
看看 Hao Kung on this post 提供的答案,他详细描述了如何使用 SecurityStamp 解决这个问题。
So the primary purpose of the SecurityStamp is to enable sign out everywhere. The basic idea is that whenever something security related is changed on the user, like a password, it is a good idea to automatically invalidate any existing sign in cookies, so if your password/account was previously compromised, the attacker no longer has access.
In 2.0.0 we added the following configuration to hook the OnValidateIdentity method in the CookieMiddleware to look at the SecurityStamp and reject cookies when it has changed. It also automatically refreshes the user's claims from the database every refreshInterval if the stamp is unchanged (which takes care of things like changing roles etc)
这应该让你继续。