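In an ASP.NET MVC web application, an administrator may sometimes need to modify his own user profile, which changes his AspNetUsers database record and triggers a SecurityStamp regeneration.
Modifying the SecurityStamp will eventually trigger the authentication validation that runs every 30 minutes on the server side, and cut off the user's authentication, sending him back to login.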
    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromMinutes(30),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });
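Is there a way to prevent this from happening while still allowing me to keep the validation active? (Something like forcing a "realignment" of the identity between server and client when changes to the user profile are saved.)
Thanks in advance for all your suggestions! - 琪 琪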
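You can sign the user in again after making the changes (this code assumes you have a UserManager and a SignInManager available, as in the default Account controller, and an async ActionResult):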
    ApplicationUser user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
    if (user != null)
    {
        await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
    }
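
The mechanism behind the question and the answer above, as an added example that is not part of the original posts and is not ASP.NET Identity's own code: a simplified console model of the stamp check, showing that signing in again keeps the editing session valid while any other session holding the old stamp is still rejected at its next validation. The types `Cookie` and `StampModel`, the in-memory `Store` and the timeline are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of the security stamp check (hypothetical types, not ASP.NET Identity itself).
class Cookie { public string UserId, Stamp; public DateTime IssuedUtc; }

static class StampModel
{
    static readonly TimeSpan ValidateInterval = TimeSpan.FromMinutes(30);
    // Stands in for the SecurityStamp column of AspNetUsers.
    static readonly Dictionary<string, string> Store = new Dictionary<string, string>();

    // Issues a cookie that carries the stamp currently stored for the user.
    static Cookie SignIn(string userId, DateTime now) =>
        new Cookie { UserId = userId, Stamp = Store[userId], IssuedUtc = now };

    // Returns the cookie to keep using, or null when the identity is rejected.
    static Cookie Validate(Cookie c, DateTime now)
    {
        if (now - c.IssuedUtc < ValidateInterval) return c;   // interval not elapsed: no check
        if (c.Stamp != Store[c.UserId]) return null;          // stale stamp: signed out
        return SignIn(c.UserId, now);                         // plays the role of regenerateIdentity
    }

    static void Main()
    {
        var t0 = new DateTime(2024, 1, 1, 9, 0, 0, DateTimeKind.Utc); // constructed timeline
        Store["admin"] = Guid.NewGuid().ToString();
        Cookie browserA = SignIn("admin", t0);   // session that edits the profile
        Cookie browserB = SignIn("admin", t0);   // another session of the same account

        // The profile edit at 09:05 regenerates the stamp ...
        Store["admin"] = Guid.NewGuid().ToString();
        Cookie stale = browserA;                 // what browser A would hold without a new sign-in
        // ... and the editing session signs in again, as the answer suggests.
        browserA = SignIn("admin", t0.AddMinutes(5));

        var later = t0.AddMinutes(40);           // past the 30-minute validation interval
        Console.WriteLine("A after re-sign-in:   " + (Validate(browserA, later) != null));
        Console.WriteLine("A without re-sign-in: " + (Validate(stale, later) != null));
        Console.WriteLine("B (other session):    " + (Validate(browserB, later) != null));
    }
}
```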