4

I'm using ASP.NET Core 1.0 and the identity stuff to authenticate and authorize the users. It all works fine except one single thing:

If the user resets or changes his password, he can't sign-in with the new credentials until the ASP.NET App is restarted. Means the new passwords are successfully saved in the database, but the Method _signInManager.PasswordSignInAsync() doesn't use the current data, but old one. It seems there is something like a cache in the EF Core or in the SignInManager/UserStore.

Sign-in after registration works also fine, it is just a problem after reset or change of the passwords.

Improve this question
2
  • Are you using the redis or some in-process memory cache or so? Commented Jul 4, 2016 at 10:09
  • Nope, currently there is no cache configured. Just the default settings, nothing special. Commented Jul 4, 2016 at 10:12

2 Answers 2

Reset to default
4

I too discovered a problem with my authentication middleware using a stale DbContext.

One solution was to refresh the user in the auth middleware's identity resolver with the following line of code:

await _dbContext.Entry(userToVerify).ReloadAsync();

Following this, I was able to verify the user's credentials against up-to-date data.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Found the cause of that problem: Auth is done in a separate MiddleWare which has a wrong initialization and uses an old EF DbContext.

Using the DbContext with DI is a huge problem in ASP.NET Core. The DbContext should be used in a pretty small scope, defined with a simple using statement. Unfortunately the ASP.NET Core identity uses a DbContext which is registered in the DI. The better solution would be to register just a DbContext factory to the DI, to create a small scoped DbContext overtime you need it.

Improve this answer

2 Comments

Thanks for sharing your insight, I could see this tripping someone up for hours.
The insight is good, but not so much for dummies like me. I don't know how to properly register a DbContext factory, so I end up with a using (new DbContext) everywhere instead.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.