
Asp.net core 5 Identity SignOutAsync does not work

I am using the Asp.Net core Identity framework (v5.0) in a razor website. The following section is in startup.cs

services.AddIdentity<IdentityUser, IdentityRole>(options =>
{
    options.Password.RequiredLength = 8;
    options.Password.RequireDigit = true;
    options.Password.RequireLowercase = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireNonAlphanumeric = true;

    options.Lockout.AllowedForNewUsers = true;
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.DefaultLockoutTimeSpan = new TimeSpan(0, 0, 5, 0);

    options.SignIn.RequireConfirmedEmail = false;
})

All works fine, but when I log out the user, the client-side cookie is deleted but on the server side the session is still open.

So when I capture the HTTP request to one of the pages that needs authentication, log off the user, and later replay the captured request, the page loads instead of a logon request.

Due to security requirements this is not usable.

I simplified the logoff code to this

@page
@using Microsoft.AspNetCore.Identity
@inject SignInManager<IdentityUser> SignInManager


@functions
{
    public async Task<IActionResult> OnGet()
    {
        if(SignInManager.IsSignedIn(User))
        {
            await SignInManager.SignOutAsync();
        }
        return RedirectToPage();
    }
}

which corresponds to Microsoft's documentation.

I tried some solutions using context.SignOutAsync described here, but the HttpContext does not contain a SignOutAsync method. (Maybe this is because that uses an older version.)

Is there a way to close the server side session?

Was looking for something else, but it looks like you're trying to sign the user out when the page loads, which may be causing it to not remove the session. You should use OnPost from a loaded page. If you use the _LoginPartial you can handle the signout from there. I've tested that as working.
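An added example, not part of the original question or answer: a logout page model handled in OnPost that also rotates the user's security stamp, so an Identity cookie captured before logout fails server-side validation when it is replayed. The names LogoutModel, LogoutHardening and the "/Index" redirect target are hypothetical; the Identity calls are the framework's own.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical page model for a Logout.cshtml Razor Page.
public class LogoutModel : PageModel
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly UserManager<IdentityUser> _userManager;

    public LogoutModel(SignInManager<IdentityUser> signInManager,
                       UserManager<IdentityUser> userManager)
    {
        _signInManager = signInManager;
        _userManager = userManager;
    }

    // POST only: logout changes state, and Razor Pages validates the antiforgery token on POST.
    public async Task<IActionResult> OnPostAsync()
    {
        if (_signInManager.IsSignedIn(User))
        {
            var user = await _userManager.GetUserAsync(User);
            if (user != null)
            {
                // Replaces the stamp stored for the user; cookies issued earlier carry the old one.
                await _userManager.UpdateSecurityStampAsync(user);
            }
            // Instructs the browser to delete the cookie; on its own this does not revoke a copy.
            await _signInManager.SignOutAsync();
        }
        return RedirectToPage("/Index"); // hypothetical landing page
    }
}

// Hypothetical helper, called from Startup.ConfigureServices after AddIdentity(...).
public static class LogoutHardening
{
    public static void Configure(IServiceCollection services)
    {
        // Default interval is 30 minutes; zero re-checks the stamp on every request.
        services.Configure<SecurityStampValidatorOptions>(
            o => o.ValidationInterval = TimeSpan.Zero);
    }
}
```

Rotating the stamp signs the user out of every device, and a zero validation interval adds a user-store lookup to each authenticated request.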
