0
shobhit created
- ABP Framework version: v4.2.2
- UI Type: Angular
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
We have deleted a user, and the user was logged in at that point of time. The user has not logged out, and even the next day the user was able to log in. It is a big security issue. What should be done to prevent this?
4 Answer(s)
-
0
Hi,
We will check it.
-
0
You can track this: https://github.com/abpframework/abp/issues/17927
-
0
Thanks liangshiwei. So what is the quick solution, as it is a big security risk for us?
-
0
Hi,
You can try:

```csharp
// .....
app.UseAuthentication();

// Runs after authentication: reject requests from users who no longer exist.
app.Use(async (httpContext, next) =>
{
    var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>();
    if (currentUser.IsAuthenticated)
    {
        var userManager = httpContext.RequestServices.GetRequiredService<IdentityUserManager>();
        // The user was deleted after signing in: end the session.
        if (await userManager.FindByIdAsync(currentUser.Id.ToString()) == null)
        {
            await httpContext.SignOutAsync();
            httpContext.Response.Redirect("....");
            return;
        }
    }

    await next();
});
```