如何从特定会话中注销用户Identity Server 4 .Net Core? [英] How to Logout user from a particular session Identity Server 4, .Net Core?
问题描述
使用身份服务4 与
Using Identity Serve 4 with .Net Core 3.1, razor pages. Also using Cookie Authentication
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
问题-
John在Web应用程序中登录了2次
In a web application John logged-in 2 times
- 第一次在Chrome上登录
- 第二次登录
因此,如果John再次尝试在Firefox上第三次登录而又没有从以前的浏览器注销,那么我想从Chrome的1st Login上强制注销John.
So, if John again trying to logged-in on 3rd time on Firefox without logout from previous browsers, then I want to logout John from 1st Login on Chrome forcefully.
我可以在会话表(包括会话ID,用户ID等)中跟踪登录. 但是我不知道如何使用会话ID从特定会话中注销用户.
I can keep the track of logins in a Session table including Session Id, User Id etc. But I don’t know how logout user from a particular session using Session Id.
请帮助.
谢谢
推荐答案
ASP.NET Core provides an ITicketStore interface which allows you to get control of storing user sessions. Once you provide a class implementing this interface and register it, it will call your class when sessions are being created or verified which you can then store in a database however you like, including attaching arbitrary metadata like browser ID etc.
现在数据库中已有用户会话,您可以分别查询它们并根据需要在其他逻辑中(包括在登录期间)撤消它们.由于您现在提供了会话数据,因此只需删除记录即可有效地将用户从该会话中注销.请注意,如果您使用任何缓存层来减少存储请求,则还需要删除所有缓存的副本.
Now that you have user sessions in your database, you can separately query them and revoke as needed in other logic, including during logins. Since you now provide the session data, simply deleting the record effectively logs the user out from that session. Note that if you use any caching layer to reduce the store requests, you'd need to remove any cached copies as well.
请注意,这与IdentityServer是分开的,并且与ASP.NET Core本身一起发生.
Note that this is separate from IdentityServer and happens with ASP.NET Core itself.
这是一个很好的教程帮助我在自己的应用中实现了这一目标.
This is a good tutorial that helped me implementing this in my app.
有关在Startup中的注册外观的示例,其中PersistentTicketStore是我的实现:
A sample of how it looks to register in Startup, where PersistentTicketStore is my implementation:
// Persistent ticket/cookie store to provide durable user sessions
services.AddSingleton<IUserSessionRepository, UserSessionRepository>();
services.AddSingleton<ITicketStore, PersistentTicketStore>();
services.AddOptions<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme)
.Configure<ITicketStore>((options, store) => options.SessionStore = store);
这篇关于如何从特定会话中注销用户Identity Server 4 .Net Core?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
