PHPFixing

Sunday, September 4, 2022

[FIXED] How can I revoke claims in ASP.NET Core 6 after deleting a user?

Tags: .net-core, asp.net-core, authentication, authorization, c#

Issue

For example I delete a user, but he can still walk around the site like nothing happened.

For another example, I remove a role from a user to prevent him from accessing areas on the site that require the role, but until the token expires he can still access them.

So my questions are:

  • Is there any way I can revoke the claim or token of the user after modifying his roles?

  • What are the alternatives to the default claim based authorization of Entity Framework, where I can remove access from the user instantly?

  • What would be the ultimate solution where I don't have to make too many unnecessary calls to the database and I can still do the thing I mentioned in the previous question? For example, could I replace the unnecessary database calls with some kind of memory caching?


Solution

You want to have the following configuration in place before you delete the user:

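using Microsoft.AspNetCore.Identity;

// Re-validate the security stamp in the Identity cookie every minute
// (the framework default is 30 minutes).
services.Configure<SecurityStampValidatorOptions>(options =>
{
  options.ValidationInterval = TimeSpan.FromMinutes(1);
});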

Then you want to sign out the user just before you delete the user. Then the user cookie will be invalid and the deleted user cannot log in again.

Resource: https://stackoverflow.com/a/62105305/432074



Answered By - Örvar
Answer Checked By - Marie Seifert (PHPFixing Admin)
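
An added example, not part of the original answer: admin endpoints that remove a role or delete a user and rotate the user's security stamp, so that cookies issued earlier fail the next security stamp validation configured above. It assumes cookie authentication through ASP.NET Core Identity with IdentityUser; the controller name, routes and the "Admin" role are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical admin controller; names and routes are assumptions.
[Authorize(Roles = "Admin")]
[ApiController]
[Route("admin/users")]
public class UserAdminController : ControllerBase
{
    private readonly UserManager<IdentityUser> _users;

    public UserAdminController(UserManager<IdentityUser> users) => _users = users;

    // Remove a role, then rotate the security stamp explicitly so that
    // cookies carrying the old role claims are rejected at the next check.
    [HttpPost("{id}/roles/{role}/remove")]
    public async Task<IActionResult> RemoveRole(string id, string role)
    {
        var user = await _users.FindByIdAsync(id);
        if (user is null) return NotFound();

        var removed = await _users.RemoveFromRoleAsync(user, role);
        if (!removed.Succeeded) return BadRequest(removed.Errors);

        var rotated = await _users.UpdateSecurityStampAsync(user);
        return rotated.Succeeded ? NoContent() : StatusCode(500);
    }

    // Rotate the stamp, then delete. After deletion the validator can no
    // longer load the user, so the existing cookie is rejected as well.
    [HttpDelete("{id}")]
    public async Task<IActionResult> Delete(string id)
    {
        var user = await _users.FindByIdAsync(id);
        if (user is null) return NotFound();

        await _users.UpdateSecurityStampAsync(user);
        var deleted = await _users.DeleteAsync(user);
        return deleted.Succeeded ? NoContent() : BadRequest(deleted.Errors);
    }
}
```

An existing cookie keeps working until its next validation, so the revocation delay is bounded by ValidationInterval; a shorter interval means a user lookup against the store more often for each active session.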