How to create a security stamp value for asp.net identity (IUserSecurityStampStore)

Question

In my MVC-5 application, I have to create security stamp values manually. The current implementation of the identity team seems to use a guid.

G         


        

Answer 1

ASP.NET Identity UserManager provides method UpdateSecurityStampAsync(string userId)which will automatically update users security-stamp. So that next time validateInterval ends user will be automatically logged-out and forced to sign.in again.

UserManager.UpdateSecurityStampAsync(userId);

Answer 2

Out of the documentation of the identity implementation for the entity-framework, it seems that it can be any random value:

IdentityUser.SecurityStamp Property

A guid seems therefore fine and the following code should be reliable also with future versions of asp.net identity.

Guid.NewGuid().ToString("D")

Answer 3

a bit late to the party, but these seem to work just fine:

        await _userManager.UpdateSecurityStampAsync(user);
        await _userManager.UpdateNormalizedEmailAsync(user);
        await _userManager.UpdateNormalizedUserNameAsync(user);
        await _userManager.SetLockoutEnabledAsync(user, true);