如果用户使用Google登录,则ASP.NET Core Identity 2.0 SignoutAsync不会注销用户 [英] ASP.NET Core Identity 2.0 SignoutAsync is not logging out user if the user signed in with Google
问题描述
我已经安装并正在运行Asp.net Core Identity 2.0版.我发现_signinManager.SignoutAsync
不会在用户登录Google后注销.当我返回登录方法时,它仅显示用户已登录,而其Claims对象仍保持不变.
I have Asp.net Core Identity version 2.0 Set up and running. I am finding that _signinManager.SignoutAsync
is not logging out user once they have signed in with Google. When I go back to my Login Method it just shows the User as logged in with their Claims object still intact.
代码非常简单,如下所示
The code is really simple as below
[AllowAnonymous]
public ActionResult TestGoogle()
{
var redirectUrl = Url.Action(nameof(ExternalCallback), "Account", new { ReturnUrl = "" });
var properties = _signInManager.ConfigureExternalAuthenticationProperties("Google", redirectUrl);
return Challenge(properties, "Google");
}
public async Task<IActionResult> LogOff()
{
await _signInManager.SignOutAsync();
return RedirectToAction(nameof(HomeController.Index), "Home");
}
推荐答案
问题是您的RedirectToAction
会覆盖对SignOutAsync
发出的Identity Server结束会话URL的重定向.
The problem is that your RedirectToAction
overwrites the redirect to the Identity Server endsession URL that SignOutAsync
issues.
对于SignOutAsync
,已经过时的是Authentication
部分-从ASP.NET Core 2.0开始,它是HttpContext
本身的直接扩展.
As for SignOutAsync
, what is obsolete is the Authentication
portion -- as of ASP.NET Core 2.0 it's an extension directly off HttpContext
itself.
(对相同退出问题的相同解释在此处由Microsoft的HaoK提供.)
(The same explanation for the same signout problem is given here by Microsoft's HaoK.)
解决方案是在AuthenticationProperties
对象中发送带有最终SignOutAsync
的重定向URL:
The solution is to send a redirect URL in an AuthenticationProperties
object with the final SignOutAsync
:
// in some controller/handler, notice the "bare" Task return value
public async Task LogoutAction()
{
// SomeOtherPage is where we redirect to after signout
await MyCustomSignOut("/SomeOtherPage");
}
// probably in some utility service
public async Task MyCustomSignOut(string redirectUri)
{
// inject the HttpContextAccessor to get "context"
await context.SignOutAsync("Cookies");
var prop = new AuthenticationProperties()
{
RedirectUri = redirectUri
};
// after signout this will redirect to your provided target
await context.SignOutAsync("oidc", prop);
}
这篇关于如果用户使用Google登录,则ASP.NET Core Identity 2.0 SignoutAsync不会注销用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!