How do you sign-out all sessions with ASP.NET Identity?
Lets say you are signed-in from two different browser with the same user. When the user signs-out from one browser, the session of the other browser should be invalidated as well.
(I need this to invalided all sessions of a user on password change.)
You can sign-out the current session with ASP.Net Identity with the following code.
var AutheticationManager = HttpContext.GetOwinContext().Authentication; AuthenticationManager.SignOut();
This will not sign-out all sessions of a user.
Edit:
The idea with the session was a good starting point. I solved the problem and wrote a blog post in case you have the same problem.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You can achieve this by adding a newly created session from the Global.asax in a list.
Iterate afterwards to compare the user and SignOut the user’s sessions.
protected void Session_Start(object sender, EventArgs e)
{
MyGlobalObject.Sessions.Add(HttpContext.GetOwinContext().Authentication);
}
And later, in the signout event:
private void SignoutAll()
{
foreach (var authenticationManager in MyGlobalObject.Sessions)
{
authenticationManager.SignOut();
}
}
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0