How to kick a user in ASP.NET Identity?

N

nordwind20132018-10-22 08:46:37

ASP.NET

nordwind2013, 2018-10-22 08:46:37

The point is this. When blocking a user, you need to immediately make him inactive. I implemented the lock, but the user now has to logout himself, and after that he is no longer authorized. However, this is not acceptable in my case. I'm sure there are people here who have experienced this. Thanks, colleagues.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

eRKa, 2018-10-22
@nordwind2013

There are several ways:
1) If it is asp.mvs, then override the Authorize attribute, in it, check the user for some IsBlackList field.
2) If this is also asp.mvs, then you probably added the IsBlackList field to Claim, which means authorization can be done based on Claims and methods marked with this attribute will filter out blocked ones. Details here .
3) If this is asp core, then everything is done on the basis of security policies, examples are also here .
4) But as for me, the easiest way is to change the role of the user when blocking and, accordingly, the controllers should be marked with those policies that do not include the blocked role. This should be enough, after blocking, the first request will check the role and redirect to the login page.

M

mletov, 2018-10-22
@mletov

The first thing that comes to mind is to check if the user is on the blocked list during all page movements, if there is - to bang the appropriate cookies on his computer either directly or logout through the Identity API.
Another question is how to implement it beautifully, so as not to shove it into every action like CheckUserDisable();
Can it is possible somehow through attributes.
https://stackoverflow.com/questions/25878218/asp-n...