
SignOutAsync() not logging user out

I have an MVC app that has a couple of WebAPI endpoints. The reason for this is we have an app that should be able to communicate with the application. For authentication, I am using Identity.

After I logged in and want to log out again, it works in the UI. So I implemented the same logic in the Logout actions in one of my API endpoints:

public async Task<JsonResult> LogOut()
{
    await _signInManager.SignOutAsync();            
    _logger.LogInformation("User logged out.");

    return new JsonResult(new { Anything = "Logout successful." });
}

I also tried most of the approaches I found here when I searched for the same question. However, no matter what I do, the cookie ".AspNetCore.Identity.Application" is always in the next request and I am still authenticated.

I am using Postman to test the API endpoints, if that makes any difference.

Right now you only have cookie authentication. When you call SignOutAsync(), a response is generated which indicates to delete the authentication cookie, and in response to that the browser deletes the authentication cookie, so in the next call there is no cookie and you are not logged in anymore. But if you store the authentication cookie before sign out and then add it to the browser after you sign out, you are still logged in, because your credential is in the cookie.

So this is how the browser behaves, and you don't have this behaviour in Postman or HttpClient.

Your options are to either use Reference Tokens for your APIs

or

You can configure a Session Store with your Cookie Authentication
