注销索赔认证 [英] SignOut of claims authentication

问题描述

我已经在我的项目中成功实现了声明身份验证.

I have successfully implemented claims authentication in to my project.

如下所示:

 var userCredentials = new[] {
                new Claim("UserId", userProfile.UserId.ToString()),
                new Claim("Username", userProfile.UserName)};

        var id = new ClaimsIdentity(userCredentials, "Forms");

        var cp = new ClaimsPrincipal(id);
        var token = new SessionSecurityToken(cp);

        var sam = FederatedAuthentication.SessionAuthenticationModule;
        sam.WriteSessionTokenToCookie(token);

哪个可以正常工作，我要解决的问题是将该用户注销，我有以下类，当用户按下注销"时会调用该类

Which is working correctly, the issue I'm trying to resolve is signing that user out, I have the following class which is called when the user presses Sign Out

 public static void SignOut()
 {
     FormsAuthentication.SignOut();
 }

似乎没有注销该用户，因此我进行了一次Google搜索并尝试了以下操作:

Which didn't seem to log the user out, so I went on a google search and tried the following:

FederatedAuthentication.SessionAuthenticationModule.SignOut();
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();

它们都不起作用吗?我可能做错了什么?

Neither of them work either? what could I possibly doing wrong?

这是我的配置:

 <configSections>
     <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
     <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>

<system.web>
    <authentication mode="Forms">
       <forms loginUrl="/User/Login" timeout="2880" />
    </authentication>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" maxRequestLength="1048576" />
</system.web>

 <modules>
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</modules>

任何帮助将不胜感激.

更新

我刚刚尝试了以下操作:

I've just tried the following:

FormsAuthentication.SignOut();
Session.Abandon();

// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);

// clear session cookie (not necessary for your current problem but i would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);

并重定向到FAQ页面，但是我仍然可以在导航中看到仅在用户经过身份验证时才显示的链接.

And redirected to the FAQ page but still I can see links in the navigation which should only been shown if the user is Authenticated.

推荐答案

设法使它正常工作！

我现在使用

var sam = FederatedAuthentication.SessionAuthenticationModule;
sam.DeleteSessionTokenCookie();

然后我进行重定向，它可以按预期的方式工作:)

Then I do a redirect and it works as expected :)

这篇关于注销索赔认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！