How to create a security stamp value for asp.net identity (IUserSecurityStampStore)

Solution 1

From the documentation of the Identity implementation for Entity Framework, it seems that it can be any random value:

IdentityUser.SecurityStamp Property

A GUID therefore seems fine, and the following code should also be reliable with future versions of ASP.NET Identity.

Guid.NewGuid().ToString("D")

Solution 2

ASP.NET Identity UserManager provides the method UpdateSecurityStampAsync(string userId), which will automatically update the user's security stamp, so that the next time validateInterval ends the user will be automatically logged out and forced to sign in again.

UserManager.UpdateSecurityStampAsync(userId);

Solution 3

A bit late to the party, but these seem to work just fine:

        await _userManager.UpdateSecurityStampAsync(user);
        await _userManager.UpdateNormalizedEmailAsync(user);
        await _userManager.UpdateNormalizedUserNameAsync(user);
        await _userManager.SetLockoutEnabledAsync(user, true);
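
The flow the answers and comments describe (stamp set when the user is created, rotated later, stale sessions rejected), as an added example that is not code from the original answers or from ASP.NET Identity. It swaps Guid.NewGuid() for RandomNumberGenerator, because the stamp decides whether a session stays valid and GUIDs are specified for uniqueness rather than unpredictability. AppUser, SecurityStamps and SessionIsCurrent are hypothetical names, and SessionIsCurrent is a simplified stand-in for the framework's periodic stamp check.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical user record; only the fields this example needs.
public class AppUser
{
    public string UserName { get; set; }
    public string SecurityStamp { get; set; }
}

public static class SecurityStamps
{
    // 32 bytes from the OS CSPRNG, hex-encoded; the stamp is an opaque string.
    public static string New()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    // Call on password change or any event that should end existing sessions.
    public static void Rotate(AppUser user)
    {
        user.SecurityStamp = New();
    }

    // Simplified stand-in for the periodic check: a session stays valid only while
    // the stamp captured at sign-in equals the stored one. A missing stamp never validates.
    public static bool SessionIsCurrent(AppUser user, string stampAtSignIn)
    {
        return !string.IsNullOrEmpty(user.SecurityStamp)
            && string.Equals(user.SecurityStamp, stampAtSignIn, StringComparison.Ordinal);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample user: the stamp is set before the first save, so no user id is needed.
        var user = new AppUser { UserName = "alice", SecurityStamp = SecurityStamps.New() };
        string stampAtSignIn = user.SecurityStamp; // what the auth cookie would carry
        Console.WriteLine("before rotation: " + SecurityStamps.SessionIsCurrent(user, stampAtSignIn));

        SecurityStamps.Rotate(user); // e.g. the password was reset
        Console.WriteLine("after rotation: " + SecurityStamps.SessionIsCurrent(user, stampAtSignIn));
    }
}
```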

Author by

HCL

Updated on July 09, 2022

Comments

  • HCL
    HCL almost 2 years

    In my MVC-5 application, I have to create security stamp values manually. The current implementation of the identity team seems to use a guid.

    Guid.NewGuid().ToString("D")
    

    Is it safe to create a new Guid myself to use as a new security stamp value or will this lead to problems in future implementations of asp.net identity?
    Is there a method to let the identity framework create such a stamp-value for me so that my implementation is safe for future changes?

  • HCL
    HCL about 9 years
    This is not an answer to my question. I was looking for a future-proof way to create the stamp value manually (not to set it). Luckily, I found in the docs of the asp.identity Entity-Framework implementation the note that any random value will do. Please see my answer. Thanks anyway.
  • Shoaib Shakeel
    Shoaib Shakeel about 9 years
    You can see here that Identity also uses Guid to create new security stamps, so I think there is no problem for you to create your own: github.com/aspnet/Identity/blob/dev/src/… Identity only provides two methods, UpdateSecurityStampAsync and GetSecurityStampAsync, so you will have to create your own string if you want to have control.
  • jstuardo
    jstuardo almost 4 years
    This does not work for new users since userId still does not exist. The workaround could be to save the user first, then set the security stamp which will cause the user to be saved again. I think it is better to manually create the GUID.
  • Shoaib Shakeel
    Shoaib Shakeel over 3 years
    @jstuardo this was answered 5 years ago and was valid for user's use-case
  • jstuardo
    jstuardo over 3 years
    @ShoaibShakeel I have already solved the problem. Thanks.