Starts in:
0 DAY
15 HRS
40 MIN
27 SEC
Starts in:
0 D
15 H
40 M
27 S
Open Closed

Override token controller #5947


User avatar
0
imranStem created

I want to implement the concurrent user login and I checked many articles and found that to update the SecurityStamp to invalidate the previous login. So I want to update the security token when user login into the system

I have written below code and override the token controller.

 [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(TokenController))]
    public class MyTokenController : TokenController
    {
        protected override async Task<IActionResult> SetSuccessResultAsync(OpenIddictRequest request, IdentityUser user)
        {
            var userManager = LazyServiceProvider.LazyGetRequiredService<IdentityUserManager>();
          await userManager.UpdateSecurityStampAsync(user);
            

            return await base.SetSuccessResultAsync(request, user);
        }
    }

Its updating the securityStamp on each login but token is not invalidated for previous same user login.

  • ABP Framework version: v7.0.1
  • UI Type: Angular
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

4 Answer(s)
  • User Avatar
    0
    imranStem created

    Any update on this?

    I also tried with below code.

      Configure<SecurityStampValidatorOptions>(options =>
            {
                options.ValidationInterval = TimeSpan.FromSeconds(5);
            });
    
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    could you please check these links https://support.abp.io/QA/Questions/3047/Disable-concurrent-user-login

    https://support.abp.io/QA/Questions/950/How-to-allow-one-user-concurrent-login-per-user

    https://github.com/aspnetboilerplate/aspnetboilerplate/issues/4821

  • User Avatar
    0
    imranStem created

    The above links are not helpful, I am using the ABP framework 7.0.1 with microservice template and openIdDict, not identity server. I have updated the securitystamp on each login which should validate and invalidated the previous token.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    Currently this feature is not implement in ABP if you can do it in a simple aspnetcore openiddict angular project then you can apply the same logic here.

    let me know if you face any issue specific to abp implemenation.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06