SecurityStamp is not worked in ASP.NET Identity Core version.

[daisukenishino2]

Requirement

• SecurityStamp is not worked in ASP.NET Identity Core version.
• This may be due to a lack of implementation
  • https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/CommonLibrary/Entity/ApplicationUser.cs#L399.
  • https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/MultiPurposeAuthSite/MultiPurposeAuthSite/App_Start/StartupAuth.cs#L184
• Also, the timing of the SecurityStamp changes is controlled by ASP.NET Identity Core and seems to be changed when the password or external login is changed.

[daisukenishino2]

• How to set the cookie validateInterval in ASP.NET Core? - Stack Overflow https://stackoverflow.com/questions/37319492/how-to-set-the-cookie-validateinterval-in-asp-net-core

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
        // SecurityStampValidatorによる検証の間隔
        validateInterval: Config.SecurityStampValidateIntervalFromSeconds,
        // ClaimsIdentityを返すdelegate
        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    },
    ExpireTimeSpan = TimeSpan.FromMinutes(30)
});

↓ ↓ ↓

services.AddScoped<ISecurityStampValidator, SecurityStampValidator<IdentityUser>>();

services.Configure<SecurityStampValidatorOptions>(options =>
{
    options.ValidationInterval = TimeSpan.FromSeconds(10);
});

AuthenticationBuilder authenticationBuilder = services.AddAuthentication();
authenticationBuilder.AddCookie(options =>
    {
        ...
        options.Events = new CookieAuthenticationEvents()
        {
            OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync
        };
    });