I'm using UpdateSecurityStamp
to logout user from all browsers.
My code is:
var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
using (var db = new Entities())
{
var user = db.AspNetUsers.FirstOrDefault(x => x.Id.Equals("c0bf0112-c856-4bc9-a29f-0bd28c65bfe9"));
user.PhoneNumber = "1234"; //old phone number was ""
db.SaveChanges();
//phone number is updated in database
}
userManager.UpdateSecurityStamp(User.Identity.GetUserId()); //phone number value is reverted
Issue:
Any value updated before calling UpdateSecurityStamp
is reverted.
If I go to database and manually updated a column value, its reverted back on calling UpdateSecurityStamp
. Why?
I can't figure out why it reverts user data but I found a hack to tackle this. Instead of calling
userManager.UpdateSecurityStamp(userId);
use
userObject.SecurityStamp = Convert.ToString(Guid.NewGuid());
i.e, just update security stamp for a user.