注销Aspnet Core后如何防止浏览器后退按钮 [英] How to prevent browser back button after logout Aspnet Core
问题描述
我有一个带有cookie身份验证的aspnet核心网站. 当我注销后,当我单击浏览器的后退按钮时,我导航到最后一个网页,而我不想这样做,我不想将用户重定向到登录页面进行身份验证再次.
I have an aspnet core web site, with cookie authentication. When I logoff, and then, when I click in the back button of the browser, I navigate to the last web page, and I don´t want that, I wan´t the user to be redirect to the login page to be authenticate again.
我的startup.cs
My startup.cs
public void ConfigureServices(IServiceCollection services)
{
....
services.AddIdentity<ApplicationUser, ApplicationRole>(
config =>
{
config.User.RequireUniqueEmail = true;
config.SignIn.RequireConfirmedEmail = true;
config.Password.RequiredLength = 8;
config.Cookies.ApplicationCookie.LoginPath = "/Home/Login";
})
.AddEntityFrameworkStores<DbContext>()
.AddDefaultTokenProviders();
......
}
我的控制器.cs
public class HomeController : Controller
{
.....
private readonly string _externalCookieScheme;
....
public HomeController(
.....
IOptions<IdentityCookieOptions> identityCookieOptions,
.....)
{
....
_externalCookieScheme = identityCookieOptions.Value.ExternalCookieAuthenticationScheme;
....
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> Login()
{
// Clear the existing external cookie to ensure a clean login process
await HttpContext.Authentication.SignOutAsync(_externalCookieScheme);
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> LogOff()
{
await HttpContext.Authentication.SignOutAsync(_externalCookieScheme); //don´t remove the cookie
_logger.LogInformation(4, "User logged out.");
return RedirectToAction(nameof(HomeController.Login), "Home");
}
}
我在这里想念什么?
最诚挚的问候.
jolynice
推荐答案
您需要设置Cache-Control标头.对于单个页面或控制器,可以这样设置标题:
You need to set the Cache-Control header. For a single page or controller, you can set the header like this:
[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
如果这不起作用,请确保标题没有被覆盖.您可以在我的博客文章中找到详细的解释:如何在ASP.NET Core MVC中注销后防止返回按钮.
If that doesn't work, make sure the header is not being overwritten. You can find a detailed explanation in my blog post: How To Prevent the Back Button after Logout in ASP.NET Core MVC.
这篇关于注销Aspnet Core后如何防止浏览器后退按钮的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!