ASP.net身份-外部登录-无法注销 [英] ASP.net identity - external login - won't log out

问题描述

在我的应用程序中，我所有的身份验证都发生在Google上-即-我的所有用户都是Google帐户.

In my application, all my authentication happens with Google - ie - all my users are Google Accounts.

我不需要用户需要在我的应用程序中注册，只需使用Google帐户登录即可.但是，我确实想为具有ASP.net身份(我认为)

I don't need users to need to register in my app, just sign in using a Google account. However, I do want to manage Roles for the users with ASP.net Identity (I think)

考虑到这一点，在成功进行外部身份验证后，我将创建一个ASP.net Identity用户(如果不存在)

With that in mind, on successful external authentication, I create an ASP.net Identity user (if one doesn't exist)

因此，我的ExternalLoginCallback如下:

So, I've got my ExternalLoginCallback as follows:

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var authenticationManager = Request.GetOwinContext().Authentication;

        var loginInfo = await authenticationManager.GetExternalLoginInfoAsync();

        //successfully authenticated with google, so sign them in to our app
        var id = new ClaimsIdentity(loginInfo.ExternalIdentity.Claims, DefaultAuthenticationTypes.ApplicationCookie);
        authenticationManager.SignIn(id);

        //Now we need to see if the user exists in our database
        var user = UserManager.FindByName(loginInfo.Email);

        if (user == null)
        {
            //user doesn't exist, so the user needs to be created
            user = new ApplicationUser { UserName = loginInfo.Email, Email = loginInfo.Email };

            await UserManager.CreateAsync(user);

            //add the google login to the newly created user
            await UserManager.AddLoginAsync(user.Id, loginInfo.Login);
        }

        return RedirectToLocal(returnUrl);
    }

现在，我可以管理用户，添加角色，检查用户是否在角色中，等等.

Idea being, I can now manage users, add roles, check if users are in roles, etc....

首先，这是明智的做法吗?还是我过于复杂了?

Firstly, is this a sensible approach? Or have I over complicated it?

但是，我遇到的一个问题是退出应用程序

One issue I'm having, however, is with logging out of my application

我的Logout动作如下:

public ActionResult LogOut()
{
    HttpContext.GetOwinContext().Authentication.SignOut();

    return RedirectToAction("Index", "Home");
}

索引"动作装饰有[Authorize]属性- 但是，当我注销"时-它重定向到Home.Index-但我仍然似乎已登录?

My Index action is decorated with the [Authorize] attribute - However, when I 'logout' - it redirects to Home.Index - but I still seem to be logged in?

推荐答案

根据此 ASPNet身份工作项，这是设计使然，您需要直接调用Google的API才能注销用户.

According to this ASPNet Identity Work Item, this is by design, and you need to call directly to Google's API in order to log the user out.

这篇关于ASP.net身份-外部登录-无法注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！