如何使用 ASP.NET Identity 2.0.1 将角色更改强制传播给用户? [英] How do I forcefully propagate role changes to users with ASP.NET Identity 2.0.1?

问题描述

我已阅读this 虽然它解释了角色更改将如何在一段时间后最终传播到用户 cookie，但我仍然不明白我如何强制立即更改用户角色.

I've read this and while it explains how role changes will eventually propagate to the user cookie after some time interval, I still don't understand how I force an immediate change to user roles.

当我更改用户的管理员角色时，我真的必须注销用户吗?如果是这样 - 如何?如果我使用 AuthenticationManager.SignOut(); 那么我会注销我自己(管理员)，而不是我想要更改其角色的用户.

Do I really have to sign the user out when I change his roles as administrator? If so — how? If I use AuthenticationManager.SignOut(); then I sign off myself (admin), not the user, whose roles I want to change.

目前我使用 await UserManager.UpdateSecurityStampAsync(user.Id); 来生成新的安全标记，但它不起作用.当我以其他用户身份登录时在另一个浏览器中刷新页面时，他的声明(包括安全标记)不会改变.

Currently I use await UserManager.UpdateSecurityStampAsync(user.Id); to generate a new security stamp, but it does not work. When I refresh a page in another browser while logged in as another user his claims (including security stamp) do not change.

推荐答案

如果您希望立即撤销 cookie，那么每个请求都必须访问数据库以验证 cookie.因此，延迟之间的权衡取决于您的数据库负载.但您始终可以将validationInterval 设置为0.

If you want to enable immediate revocation of cookies, then every request must hit the database to validate the cookie. So the tradeoff between delay is with your database load. But you can always set the validationInterval to 0.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromSeconds(0),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

这篇关于如何使用 ASP.NET Identity 2.0.1 将角色更改强制传播给用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！