How to implement logout on all devices ASP.NET MVC


Problem description

I am trying to develop a single login application where registered users can give their pin for login. We have an API to validate and give an access_token for pin users. We have to consider the latest browser instance of a pin user as the valid one. If the pin user is trying to access a previous instance of the browser, we need to redirect them to the home page.
Can anyone help me resolve this?

What I have tried:

I tried to keep an application object (key as pin) but nothing helps.

Recommended answer

You could use something like SignalR where all your apps subscribed to LogOut() client notification method.

Then, when any of them called a LogMeOut() server method, it could fire LogOut() to all subscribed clients.


I think the addition of SignalR will be unnecessary, since we can easily store the values and upon a request we can validate whether they are valid or whether we need to block them. Also, SignalR requires that you add an extra layer of service, and if the connections are not cleared they might reuse the token depending on how we sanitize the data and connections.
Quote:

We have to consider latest browser instance of pin user as valid one.

Then only store the latest version of pin, and the token. Your token table must be something like this,

// Assuming that you are using Entity Framework, or similar. Otherwise, table structure.
using System;

public class Token {
    public string Id { get; set; }
    public string UserId { get; set; }
    // Token value (your pin code here); named Value because a C# member cannot share its class's name.
    public string Value { get; set; }
    public DateTime ExpiresAt { get; set; }
}

Now, when user enters a new browser, you should check if current user has a token, if they have, then update that token with a new token for the current browser. If they do not have one—meaning this is the only session—create a new token and assign that to the user.

In your authentication module, you should then check if the token is valid—since we only have one token, it would be valid for that browser only—then let them access the website.

Security tips for you, since this is an easy way for the users to manipulate and reuse the token on multiple browsers. You should only pass down the token value that you generated. In the background, store the browser's agent value, IP address from where they logged in, and this way you can verify whether this was the exact same browser they were using when they were allotted a token. If they reused the token somewhere else, then you can reject the token too, since other parameters won't match.

Quote:

we need to redirect them to home page.

This will be automatically managed for you, if that token and other parameters are not valid, then your application will redirect them automatically.
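
An added example of the single-token scheme described in the answer above; it is not code from the answer's author. The names SessionRecord, SingleSessionStore, Issue and IsCurrent are hypothetical, the in-memory dictionary stands in for the token table, and storing a SHA-256 hash instead of the raw token is an assumption made here.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical record: one row per user, mirroring the answer's token table.
public sealed class SessionRecord
{
    public string TokenHash;   // SHA-256 of the issued token, never the token itself
    public string UserAgent;   // browser agent captured at login
    public string IpAddress;   // address captured at login
    public DateTime ExpiresAt;
}

public sealed class SingleSessionStore
{
    // In-memory stand-in for the database table, keyed by user id.
    private readonly ConcurrentDictionary<string, SessionRecord> _byUser =
        new ConcurrentDictionary<string, SessionRecord>();

    // Called after the pin is validated: the new token overwrites any earlier
    // one, so every previous browser instance stops validating immediately.
    public string Issue(string userId, string userAgent, string ip, TimeSpan lifetime)
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        _byUser[userId] = new SessionRecord
        {
            TokenHash = Hash(token), UserAgent = userAgent,
            IpAddress = ip, ExpiresAt = DateTime.UtcNow.Add(lifetime)
        };
        return token; // only this value is sent to the browser
    }

    // Called on every request; false means "redirect to the home page".
    public bool IsCurrent(string userId, string token, string userAgent, string ip)
    {
        SessionRecord rec;
        if (userId == null || token == null || !_byUser.TryGetValue(userId, out rec))
            return false;
        return rec.ExpiresAt > DateTime.UtcNow && rec.TokenHash == Hash(token)
            && rec.UserAgent == userAgent && rec.IpAddress == ip;
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}
```

In an MVC application, IsCurrent would be called from the authentication module (for example an authorization filter) on each request, with the redirect issued when it returns false.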

