
ASP .net Core SignOutAsync issue

Below code is really working for login and logout. But I am facing an issue:

  1. Ran the application with Chrome and login with . Successfully logged in.
  2. He opened another tab and it is not asking for login. Because he already logged in with the previous tab, it took those cookies.
  3. Navigating to in that new tab. He has rights to open this menu and do purchase order.
  4. He clicked log out from the first tab and it is successfully logged out. The second tab is still open with the purchase screen.
  5. Now successfully logged in with his credential. He doesn't have purchase activity rights.
  6. He opened that purchase screen tab and placed an order; it is successfully placed.

I want to restrict this: whenever expired session/cookies come to the server, we have to ignore them and redirect to the login screen.

Login code

```
// Build the identity from the user record and issue the auth cookie.
ClaimsIdentity identity = new ClaimsIdentity(new[]
{
    new Claim(ClaimTypes.NameIdentifier, u.Name),
    new Claim(ClaimTypes.Name, u.DisplayName),
    new Claim(ClaimTypes.UserData, JsonSerializer.Serialize(u)),
}, CookieAuthenticationDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
```

Logout code

```
// Returns a redirect, so the action's return type is Task<IActionResult>.
public async Task<IActionResult> Logout()
{
    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return RedirectToAction("Index", "Home");
}
```

Startup.cs

```
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(x =>
{
    x.LoginPath = "/UserAccount";
    x.ExpireTimeSpan = TimeSpan.FromMinutes(10);
    x.SlidingExpiration = true;
});
// Global filter: every MVC action requires an authenticated user.
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
services.AddMvc(options =>
{
    options.Filters.Add(new AuthorizeFilter(policy));
});
```

> He opened that purchase screen tab and placed an order it is successfully placed

Add [Authorize] to the action which places an order.

Below is a demo: I add a link to the aa action in Confidential.cshtml. If the first tab user logs out, the second tab user cannot go to the aa action.

HomeController:

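```
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public class HomeController : Controller
{
    public IActionResult Index()
    {
        return View();
    }

    // Requires an authenticated user; otherwise redirects to the login path.
    [Authorize]
    public IActionResult ConfidentialData()
    {
        return View();
    }

    // Target of the link in the view; also requires an authenticated user.
    [Authorize]
    public IActionResult aa()
    {
        return Ok(3);
    }
}
```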

Confidential.cshtml:

```
@if (User.Identity.IsAuthenticated)
{
    <table class="table table-bordered">
        @foreach (var claim in User.Claims) {
        <tr><td>@claim.Type</td><td>@claim.Value</td></tr>
        }
    </table>
    <li><a asp-controller="Home" asp-action="aa">Home</a></li>
}
```

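An added example, not part of the original question or answer: step 5 of the question has a second user without purchase rights signed in on the same browser, and a bare `[Authorize]` only requires that some user is authenticated, so this sketch gates the order endpoint on a permission claim. It assumes a .NET 6+ web project with implicit usings; the policy name `CanPurchase`, the `permission` claim, the `/login`, `/purchase/order` and `/denied` routes and the two users are hypothetical.

```csharp
// Program.cs - assumes a .NET 6+ web project (Microsoft.NET.Sdk.Web) with implicit usings.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

const string Scheme = CookieAuthenticationDefaults.AuthenticationScheme;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(Scheme).AddCookie(x =>
{
    x.LoginPath = "/UserAccount";                  // as in the question's Startup.cs
    x.AccessDeniedPath = "/denied";                // hypothetical path for forbidden requests
    x.ExpireTimeSpan = TimeSpan.FromMinutes(10);
    x.SlidingExpiration = true;
});
// Hypothetical policy and claim names: only principals carrying permission=purchase pass.
builder.Services.AddAuthorization(o =>
    o.AddPolicy("CanPurchase", p => p.RequireClaim("permission", "purchase")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Constructed users standing in for the application's user store.
var rights = new Dictionary<string, string[]>
{
    ["buyer"] = new[] { "purchase" },
    ["clerk"] = Array.Empty<string>(),
};

// Demo sign-in without a password check; the real login is the code in the question.
app.MapPost("/login", async (string user, HttpContext ctx) =>
{
    if (!rights.TryGetValue(user, out var perms)) return Results.Unauthorized();
    var claims = new List<Claim> { new(ClaimTypes.NameIdentifier, user) };
    claims.AddRange(perms.Select(p => new Claim("permission", p)));
    await ctx.SignInAsync(Scheme, new ClaimsPrincipal(new ClaimsIdentity(claims, Scheme)));
    return Results.Ok($"signed in as {user}");
});
app.MapPost("/logout", (HttpContext ctx) => ctx.SignOutAsync(Scheme));

// The policy is evaluated on every request against the cookie the browser sends now, so a
// tab opened by "buyer" is sent to /denied once the shared cookie belongs to "clerk".
app.MapPost("/purchase/order", (ClaimsPrincipal user) =>
        Results.Ok($"order placed by {user.FindFirst(ClaimTypes.NameIdentifier)?.Value}"))
    .RequireAuthorization("CanPurchase");

app.MapGet("/UserAccount", () => "login page placeholder");
app.MapGet("/denied", () => Results.StatusCode(403));
app.Run();
```

In the MVC setup from the question, the equivalent is `[Authorize(Policy = "CanPurchase")]` on the action that places the order.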
