Question

I'm developing an MVC5 application. I'm stuck on a simple situation: the site admin updates the claims collection of a user who is currently logged in. What is the best practice for refreshing the logged-in user's claims?

Solution

Here are some steps you might try:

  1. Sign the user out from your application.
  2. Redirect him to a protected resource. If the current page is a protected resource then you don't need to do anything more.
  3. The user will be redirected to the STS (because he is attempting to access a protected resource but he is no longer authenticated).
  4. If the user still has a valid session against the STS, he will receive an access token (with the new claims) and be redirected back to the initially requested protected resource.
  5. The user will now have the new claims in the identity.
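
Added example, not part of the original answer: a sketch of steps 1 and 2 as an MVC5 controller action. It assumes OWIN cookie authentication (Microsoft.Owin.Security.Cookies) in front of the STS middleware; the controller name, action name, `returnUrl` parameter and the `Home/Index` fallback are hypothetical.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security.Cookies;

public class AccountController : Controller
{
    // Hypothetical action: posted to once the user's claims have changed.
    [HttpPost]
    [Authorize]
    [ValidateAntiForgeryToken]
    public ActionResult RefreshClaims(string returnUrl)
    {
        // Step 1: remove only the local application cookie.
        // Assumption: the cookie middleware was registered with the default
        // "Cookies" authentication type. The STS authentication type is
        // deliberately not passed to SignOut, so the user's session at the
        // STS stays valid and step 4 completes without a new login prompt.
        HttpContext.GetOwinContext().Authentication
            .SignOut(CookieAuthenticationDefaults.AuthenticationType);

        // Step 2: send the browser to a protected resource. Accept only
        // local URLs so this action cannot be used as an open redirect.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            // Assumption: Home/Index requires authentication.
            returnUrl = Url.Action("Index", "Home");
        }

        // Steps 3 to 5 then happen on the next request: the [Authorize]
        // check fails, the STS middleware issues the challenge, and the
        // new token carries the updated claims.
        return Redirect(returnUrl);
    }
}
```

Until the token is reissued this way, the existing cookie keeps the old claims for its full lifetime, so a short cookie expiration limits how long a revoked claim remains usable.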
Licensed under: CC-BY-SA with attribution