I want to implement the concurrent user login and I checked many articles and found that to update the SecurityStamp to invalidate the previous login. So I want to update the security token when user login into the system
I have written below code and override the token controller.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(TokenController))]
public class MyTokenController : TokenController
{
protected override async Task<IActionResult> SetSuccessResultAsync(OpenIddictRequest request, IdentityUser user)
{
var userManager = LazyServiceProvider.LazyGetRequiredService<IdentityUserManager>();
await userManager.UpdateSecurityStampAsync(user);
return await base.SetSuccessResultAsync(request, user);
}
}
Its updating the securityStamp on each login but token is not invalidated for previous same user login.
- ABP Framework version: v7.0.1
- UI Type: Angular
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
4 Answer(s)
-
0
Any update on this?
I also tried with below code.
Configure<SecurityStampValidatorOptions>(options => { options.ValidationInterval = TimeSpan.FromSeconds(5); }); -
0
Hi
could you please check these links https://support.abp.io/QA/Questions/3047/Disable-concurrent-user-login
https://support.abp.io/QA/Questions/950/How-to-allow-one-user-concurrent-login-per-user
https://github.com/aspnetboilerplate/aspnetboilerplate/issues/4821
-
0
The above links are not helpful, I am using the ABP framework 7.0.1 with microservice template and openIdDict, not identity server. I have updated the securitystamp on each login which should validate and invalidated the previous token.
-
0
Hi
Currently this feature is not implement in ABP if you can do it in a simple aspnetcore openiddict angular project then you can apply the same logic here.
let me know if you face any issue specific to abp implemenation.
