You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
Would it be possible to add SecurityStampValidator support to ids. This would allow to invalidate persistent cookie.
From Microsoft Identity samples:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
The text was updated successfully, but these errors were encountered:
I suspect they want the authentication cookie to be invalidated if the user has changed their password. I think we can achieve that by calling IsActive on the user service passing the identity from the authentication cookie.
Yes, a custom IUserService would return an AuthenticationResult with an identity with a secret value claim. Then, the cookie authent middleware would call to check if the secret value is still the known one. If not, the cookie is invalidated.
Calling IsActive each time the cookie authentication happens would be fine, I guess. Despite the name would not reveal clear intent.
Hi,
Would it be possible to add SecurityStampValidator support to ids. This would allow to invalidate persistent cookie.
From Microsoft Identity samples:
The text was updated successfully, but these errors were encountered: