Why Log out after verify phone number in asp.net i

2019-07-29 17:16发布

I am using asp.net Identity in my project. In VerifyPhoneNumber view, when user confirm his phone number, he is logged out (.AspNetApplicationCookie is removed. I checked this from Resource tab inspect chrome).
Code of VerifyPhoneNumber action in ManageController:

if (!ModelState.IsValid)
{
    return View(model);
}
string phoneNumber = UserManager.GetPhoneNumber(User.Identity.GetUserId());
var result = await UserManager.ChangePhoneNumberAsync(User.Identity.GetUserId(), phoneNumber, model.Code);
if (result.Succeeded)
{
    var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
    if (user != null)
    {
        await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
    }
    ViewBag.Message = "Complete";
    return View();

}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "something wrong!");
return View(model);

Why this happens?

Update
I have set validateInterval for SecurityStampValidator to 0.

标签： asp.net-mvc asp.net-identity

2条回答

霸刀☆藐视天下

2楼-- · 2019-07-29 17:54

The ChangePhoneNumberAsync has this line:

await UpdateSecurityStampInternal(user).WithCurrentCulture();

Which causes the cookie expiration or re-validation. If you don't want it, you have to inherit from the UserManager<TUser> class (create your CustomUserManager class) and then override the ChangePhoneNumberAsync method. Just use the same code without the UpdateSecurityStampInternal line.

0人赞添加讨论(0) 举报

We Are One

3楼-- · 2019-07-29 17:55

Changing any security related information on the user (i.e password/phone number/email) automatically causes the cookie to expire by default (via the security stamp for the user getting flipped)

0人赞添加讨论(0) 举报

Why Log out after verify phone number in asp.net i

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间