How to create SecurityStamp for AspNetUser in ASP .NET MVC 5

Yoda picture Yoda · Aug 18, 2014 · Viewed 22.8k times · Source

When I create user by Register action whe application is running the application user gets SecurityStamp. When I add user by:

if (!context.Users.Any()) {
                System.Diagnostics.Debug.WriteLine("INSIDE");
                var hasher = new PasswordHasher();
                try {
                    var users = new List<ApplicationUser> { 
                        new ApplicationUser{PasswordHash = hasher.HashPassword("TestPass44!"), Email = "[email protected]", UserName = "[email protected]"},
                        new ApplicationUser{PasswordHash = hasher.HashPassword("TestPass44!"), Email = "[email protected]", UserName = "[email protected]"}
                        };

                    users.ForEach(user => context.Users.AddOrUpdate(user));

                    context.SaveChanges();
                } catch (DbEntityValidationException e) {
                    System.Diagnostics.Debug.WriteLine("EXC: ");
                    foreach (DbEntityValidationResult result in e.EntityValidationErrors) {
                        foreach (DbValidationError error in result.ValidationErrors) {
                            System.Diagnostics.Debug.WriteLine(error.ErrorMessage);
                        }
                    }

                }
            }

user doesn't get security stamp:

enter image description here

and then when I want to login I get:

enter image description here

Question: How to generate SecurityStamp for user?

Answer

Horizon_Net picture Horizon_Net · Aug 18, 2014

The security stamp can be anything you want. It is often mistaken to be a timestamp, but it is not. It will be overriden by ASP.NET Identity if something changes on the user entity. If you're working on the context directly the best way would to generate a new Guid and use it as the stamp. Here's a simple example:

var users = new List<ApplicationUser> 
                { 
                    new ApplicationUser
                        {
                            PasswordHash = hasher.HashPassword("TestPass44!"), 
                            Email = "[email protected]", 
                            UserName = "[email protected]", 
                            SecurityStamp = Guid.NewGuid().ToString()
                        },
                    new ApplicationUser
                        {
                            PasswordHash = hasher.HashPassword("TestPass44!"),
                            Email = "[email protected]", 
                            UserName = "[email protected]", 
                            SecurityStamp = Guid.NewGuid().ToString()
                         }
                };