使用.NET WebBrowser控件，为什么Salesforce.com自动注销用户后，他/她的会话已经失效？ [英] Using .NET WebBrowser control, why Salesforce.com logs the user in automatically after his/her session has been invalidated?

问题描述

我通过REST在我的.NET应用程序登录的用户。对于WebBrowser控件构造我请执行下列操作：

I'm logging in users via REST in my .NET application. For that in the WebBrowser control constructor I do the following:

string server = "https://login.salesforce.com/";
var authURI = new StringBuilder();
authURI.Append(server + "services/oauth2/authorize?");
authURI.Append("response_type=code");
authURI.Append("&client_id=" + clientID);
authURI.Append("&redirect_uri=" + redirectURL);
webBrowser1.Navigate(authURI.ToString());

这工作得很好，用户正在presented标准SFDC登录屏幕，他/她登录时，我做的所有流程，以获得安全令牌，用户能够与SFDC工作。

This works fine, the user is being presented the standard sfdc login screen, he/she logs in, I do all the flow to get the security token and the user is able to work with SFDC.

有趣的事情发生后，用户注销，并尝试重新登录（如以不同的名称）。在这一点上的安全令牌（的sessionId）已被撤销（Ⅰ选中）。 他/她点击登录按钮时，code以上再次运行，但不是再​​次显示出了SFDC登录界面，销售人员只是记录用户在自动重定向到RedirectURI，拉开登录流程。因此，用户没有办法在不同的凭据登录... 我相信这是因为一些饼干SFDC留下，但删除所有cookie后用户仍然得到自动登录......我也做this.Close（）; this.Dispose（）;在登录后WebBrowser控件，所以下一次它的实例 - 它是一个全新的控制......

Interesting stuff happens after the user logs out, and tries to log in again (e.g. under a different name). At this point the security token (sessionId) has been revoked (I checked). He/she clicks the login button, the code above runs again, but instead of showing the SFDC login UI again, salesforce just logs the user in automatically and redirects to the RedirectURI, kicking off the login flow. Thus the user has no way to log in under different credentials... I was sure it was because of some cookie SFDC leaves behind, but after deleting all the cookies the user still gets logged in automatically... I also do this.Close(); this.Dispose(); on the WebBrowser control after logging in, so the next time it's instantiated - it's a brand new control...

推荐答案

显然，HTTP会话还活着，尽管用户点击注销按钮。该会议是由底层 URLMON 层管理，因此 web浏览器的新实例停留在同一个会话。尝试无效的会话是这样的：

Apparently, the HTTP session is still alive, despite the user has clicked the Log Out button. The session is managed by the underlying URLMON layer, so the new instance of WebBrowser stays on the same session. Try invalidating the session like this:

dynamic document = webBroweser.Document;
document.execCommand("ClearAuthenticationCache", false);

做到这一点之前，你处置 WebBroweser 的当前实例中，必须有一个功能文件里面为此工作。

Do this before you dispose of the current instance of WebBroweser, there has to be a functional Document inside it for this to work.

更多信息：<一href="http://blogs.msdn.com/b/ieinternals/archive/2010/04/05/understanding-browser-session-lifetime.aspx"相对=nofollow>了解会话生命周期。

这篇关于使用.NET WebBrowser控件，为什么Salesforce.com自动注销用户后，他/她的会话已经失效？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！