
Use HttpPost for Logout in OWIN/Katana authentication manager

Is there a way to force the Katana authentication manager to call the Logout endpoint from IdentityServer3 with a HttpPost instead of a HttpGet method?

I currently use this method to call the endsession endpoint from IdentityServer3 (according to this tutorial):

public ActionResult Logout()
{
    // standard way with HTTP GET
    Request.GetOwinContext().Authentication.SignOut();

    return Redirect("/");
}

I need this, because the URL would have more than 2000 chars and this will lead to some errors.

Thx for help

Sadly the OWIN middleware is not supporting HttpPost sign-out actions. As a workaround, you can manually post the necessary parameter to the end session endpoint.

I provide a link in my MVC5 application, so that a user is able to logout:

@{
    Claim idTokenHintClaim = Request.GetOwinContext().Authentication.User.FindFirst("id_token");
    string idTokenHint = idTokenHintClaim != null
        ? idTokenHintClaim.Value
        : null;
}
<form action="https://.../core/endsession" method="POST" id="logoutForm">
    <input type="hidden" name="id_token_hint" value="@idTokenHint"/>
    <input type="hidden" name="post_logout_redirect_uri" value="@PostLogoutRedirectUrl"/>
</form>
<a href="javascript:document.getElementById('logoutForm').submit()">
    Logout
</a>

The IdentityServer3 is doing its job and destroys the current user session. After that IdentityServer3 is calling our @PostLogoutRedirectUrl. The @PostLogoutRedirectUrl is pointing to a controller method of the MVC application:

public ActionResult LogoutCallback()
{
    HttpCookie cookie = new HttpCookie("SecureCookieName");
    cookie.HttpOnly = true;
    cookie.Expires = new DateTime(1999, 10, 12);
    Response.Cookies.Remove("SecureCookieName");
    Response.Cookies.Add(cookie);

    SetPasswordResetHint();

    return RedirectToAction("Index");
}

I hope the support for HttpPost methods will be added in the OWIN middleware soon.
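
The workaround above as a server-side helper, added here as an example and not part of the original answer: it checks whether the end-session request still fits in a GET URL under the 2000-character limit from the question, and otherwise emits the POST form with attribute-encoded values and a submit button. The class `EndSessionRequest`, its method names, the host names and the sample token are hypothetical.

```csharp
using System;
using System.Text;
using System.Web;

// Added example, not code from the original answer; all names are hypothetical.
public static class EndSessionRequest
{
    // Assumption: the 2000-character limit mentioned in the question.
    public const int MaxUrlLength = 2000;

    // Query-string form of the request, as a GET redirect would send it.
    public static string BuildGetUrl(string endpoint, string idTokenHint, string redirectUri)
    {
        var url = new StringBuilder(endpoint);
        url.Append("?post_logout_redirect_uri=").Append(Uri.EscapeDataString(redirectUri));
        if (!string.IsNullOrEmpty(idTokenHint))
            url.Append("&id_token_hint=").Append(Uri.EscapeDataString(idTokenHint));
        return url.ToString();
    }

    // True when the GET form would exceed the limit and a POST is needed.
    public static bool NeedsPost(string endpoint, string idTokenHint, string redirectUri)
    {
        return BuildGetUrl(endpoint, idTokenHint, redirectUri).Length > MaxUrlLength;
    }

    // Same parameters as hidden fields; values are attribute-encoded so a
    // double quote in either value cannot close the attribute early.
    public static string BuildPostForm(string endpoint, string idTokenHint, string redirectUri)
    {
        var html = new StringBuilder();
        html.Append("<form method=\"POST\" id=\"logoutForm\" action=\"")
            .Append(HttpUtility.HtmlAttributeEncode(endpoint)).Append("\">");
        if (!string.IsNullOrEmpty(idTokenHint))
            AppendHidden(html, "id_token_hint", idTokenHint);
        AppendHidden(html, "post_logout_redirect_uri", redirectUri);
        return html.Append("<button type=\"submit\">Logout</button></form>").ToString();
    }

    private static void AppendHidden(StringBuilder html, string name, string value)
    {
        html.Append("<input type=\"hidden\" name=\"").Append(name).Append("\" value=\"")
            .Append(HttpUtility.HtmlAttributeEncode(value)).Append("\"/>");
    }

    public static void Main()
    {
        string token = new string('x', 2500); // constructed stand-in for a long id_token
        string endpoint = "https://idsrv.example/core/endsession"; // placeholder host
        string callback = "https://app.example/LogoutCallback";    // placeholder callback
        Console.WriteLine(NeedsPost(endpoint, token, callback));
        Console.WriteLine(BuildPostForm(endpoint, token, callback));
    }
}
```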
