Logging out an specific user in ASP.NET MVC

Question

How can I logout a specific user from my ASP.NET MVC 4 application? I prefer to perform this with the User.Id property.

Answer 1

Well, your problem, based on your comments, is about changing/updating/adding a person's role, but you wish to reflect this by logging him out. Because of that addition/change, the new role is not reflected into user's cookie, only in the database. That is the reason he needs to be log out and login again in order this modification to take place.

Essentially, if you are using cookie authentication, what about trying this in your Startup.Auth.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions {
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(1),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

Using the OnValidateIdentity will validate user's request every validateInterval minutes, so in the code above the cookie will be updated every 1 minute. If you provide a TimeSpan.FromMinutes(0) will mean that the cookie will be updated in each user's request.

Please check also the following posts and answers on StackOverflow in order to solve this particular issue.

• MVC 5 AddToRole requires logout before it works?
• ASP.NET Identity, add another user to role instantly (they don't have to log out and in again)
• What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface?

Hope this will help.