OWIN 身份验证,使当前令牌过期并删除 cookie
[英]OWIN authentication, expire current token and remove cookie
问题描述
I have a OWIN Middleware for authentication.
我有一个用于身份验证的 OWIN 中间件。 We have two type of authentication in place.我们有两种类型的身份验证。 First type is bearer token using the following configuration第一种类型是使用以下配置的不记名令牌
var OAuthOptions = new OAuthAuthorizationServerOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true,
AccessTokenFormat = new SecureTokenFormatter(GetMachineKey())
};
And second type use authentication cookie for external Login第二种类型使用身份验证 cookie 进行外部登录
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
CookieHttpOnly = true,
CookieSecure = CookieSecureOption.SameAsRequest,
CookieName = ".AspNet." + DefaultAuthenticationTypes.ExternalCookie,
ExpireTimeSpan = TimeSpan.FromMinutes(5),
TicketDataFormat = new SecureTokenFormatter(GetMachineKey())
});
When the User Logout, we actually issue two Logout当User Logout时,我们实际上发出了两次Logout
Request.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
And和
Request.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ExternalBearer);
With the first one, I am expecting to see the .AspNet.ExternalCookie Cookie deleted from the Browser, which is not.对于第一个,我希望看到从浏览器中删除的 .AspNet.ExternalCookie Cookie,但事实并非如此。 With the second one, I am expecting to get my Token invalidated and The User.Current.Identity = null, which is not.对于第二个,我希望我的令牌无效并且 User.Current.Identity = null,但事实并非如此。
So how I can 1) Physically logout the current Identity for the current Session?那么我如何才能 1) 以物理方式注销当前会话的当前身份? 2) Remove the external Cookie from the Browser? 2) 从浏览器中删除外部 Cookie?
1 个解决方案
解决方案1
0 2015-03-20 10:10:52
I had the same issue you had and after 3 days of searching I found the asnwer(sort of...).我遇到了与您相同的问题,经过 3 天的搜索,我找到了答案(有点……)。
Try ONE(and only one) of these code lines in your log out.在注销时尝试这些代码行中的一个(并且只有一个)。 (they all worked for me, but and I'm using the first one, but the more examples the better, right??) (它们都对我有用,但是我使用的是第一个,但是示例越多越好,对吧??)
Request.GetOwinContext().Authentication.SignOut();
Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
The problem is well described in this article, but it does not provide a working fix(at least for me it didn't) http://coding.abel.nu/2014/11/catching-the-system-webowin-cookie-monster/这篇文章很好地描述了这个问题,但它没有提供一个有效的修复(至少对我来说没有) http://coding.abel.nu/2014/11/catch-the-system-webowin-cookie -怪物/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.