public async Task ValidateAsync(CookieValidatePrincipalContext context) { string userId = context.Principal.GetUserId(); var principal = await ValidateSecurityStamp(context.Principal, userId); if (principal != null) { context.ReplacePrincipal(principal); context.ShouldRenew = true; } else { context.RejectPrincipal(); await context.HttpContext.Authentication.LogOffAsync(Options); } }