I'm using WebSecurity and SimpleMembershipProvider to log users in.
The user can change their email
Dim memberId As Integer = 1
Dim context As UsersContext = New UsersContext
Dim userProfile As UserProfile =
context.UserProfiles.Where(Function(f) f.UserId = memberId).SingleOrDefault()
' Email before the change: "a@a.com"
userProfile.UserName = "b@b.com"
context.SaveChanges()
After this updates, however, the HttpContext still reports the user as their old email.
' Name is "a@a.com" but should be "b@b.com"
HttpContext.User.Identity.Name
At first I thought I could just log the user out and back in
WebSecurity.Logout()
' but I don't have the user's password
WebSecurity.Login("b@b.com", "???")
How can I refresh the authentication cookie somehow to reflect a user changing their login details?
To change a cookie through membership, you seem stuck with logging the user out and logging them back in.
The dilemma you are faced with at that point is how to log a user in without their passowrd.
The best prospect seems to be asking for the user's password during username change. This has a reasonable feel to it and arms you with the password.