c# - 更新用户的成员角色

Question

我正在使用 asp.net MVC 5 identity 2.0管理员能够更改用户的角色，但用户必须重新登录才能看到更改。首先想到的是手动重新登录用户，但我失败了。之后我想到了动态改变用户的角色或其他东西。你能给我正确的方法吗？我使用 UserManager.AddToRolesAsync 设置用户的角色我尝试了很多事情，例如:

var memberUser = Membership.GetUser(user.UserName.ToString());
if (memberUser.IsOnline)
{
        FormsAuthentication.SignOut();
}

或者也尝试清理我的 cookie。我不知道如何注销另一个用户。我也读过这样的文章

http://w3facility.org/question/mvc-5-addtorole-requires-logout-before-it-works/

How do I forcefully propagate role changes to users with ASP.NET Identity 2.0.1?

How to force logout user when his/her username is changed by another user?

ASP.net Identity 2.0 Sign-out another user

Answer 1

看看Hao Kung提供的答案在 this post他准确描述了如何使用 SecurityStamp 解决此问题。

https://stackoverflow.com/a/19505060/1454538

So the primary purpose of the SecurityStamp is to enable sign out everywhere. The basic idea is that whenever something security related is changed on the user, like a password, it is a good idea to automatically invalidate any existing sign in cookies, so if your password/account was previously compromised, the attacker no longer has access.

In 2.0.0 we added the following configuration to hook the OnValidateIdentity method in the CookieMiddleware to look at the SecurityStamp and reject cookies when it has changed. It also automatically refreshes the user's claims from the database every refreshInterval if the stamp is unchanged (which takes care of things like changing roles etc)

这应该让你继续。