I'm usigin Asp.net Identity to authenticate user and I'm trying to lockout any user from admin side. But when I lockout any user who is online, It didn't logout. I have read many comments about my problem but all of them didn't work. I tried UserManager.UpdateSecurityStamp to logout user but it didn't work as well. How can I logout the user instantly when I lockout it ?
public ActionResult LockUser(string userId)
{
_userManager.SetLockoutEnabled(userId, true);
_userManager.SetLockoutEndDate(userId,DateTime.Today.AddYears(999));
var user = _userManager.FindById(userId);
_userManager.UpdateSecurityStamp(userId);
return RedirectToAction("UserDetail",new { userId });
}
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/UnAuthorize/Index"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<AppUserManager, User>(
validateInterval: TimeSpan.FromMinutes(1),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
Most likely you are missing registration of ApplicationUserManager with OWIN. You still need to let OWIN know how to get user manager because it uses it to get a new security stamp for a user.
In you Startup.Auth.cs make sure you have this registration:
app.CreatePerOwinContext(() => DependencyResolver.Current.GetService<ApplicationUserManager>());