OWIN - Authentication.SignOut（）似乎并没有删除的cookie [英] OWIN - Authentication.SignOut() doesn't seem to remove the cookie

问题描述

我在与OWIN Cookie身份验证的一些问题。我有了使用由承载令牌保护的Cookie身份验证和的WebAPI资源MVC的一些页面的净部位。

I'm having some issues with OWIN Cookie authentication. I have a .Net site that has some MVC pages which uses cookie authentication and WebAPI resources protected by a bearer token.

当我退出，我删除客户端的访问令牌，因此后续的API请求将不会有标头中的标记，因此将无法验证。这部分是好的。

When I log out, I delete the access token on the client, so subsequent API requests will not have the token in the header and will thus fail the authentication. This part is fine.

在以相同的方式，我也喜欢的注销删除由MVC页面中使用该cookie。我没有在服务器上执行以下操作：

In the same manner, I would also like the log out to delete the cookie used by the MVC pages. I did the following on the server:

    [Route("Logout")]
    public IHttpActionResult Logout()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();
        return Ok();
    }

然而，主叫注销后，我仍然可以访问受保护的MVC页面，即使该Cookie就会据称被注销电话中删除。

However, after the calling Logout, I can still visit the protected MVC page even though the cookie would have supposedly been deleted by the Logout call.

这似乎很简单，所以我可能会错过一些东西。

It seems so simple, so I might have missed something.

谢谢，

推荐答案

我对过去几天类似的问题。而不是

I had a similar problem for the past few days. Instead of

Request.GetOwinContext().Authentication.authenticationManager.SignOut();

使用其中一个（也是唯一一个）：

Use ONE(and only one) of these:

Request.GetOwinContext().Authentication.SignOut();

Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

这文章解释了为什么你的cookies不会被删除：<一个href=\"http://dotnet.dzone.com/articles/catching-systemwebowin-cookie\">http://dotnet.dzone.com/articles/catching-systemwebowin-cookie

This article explains why your cookies don't get deleted: http://dotnet.dzone.com/articles/catching-systemwebowin-cookie

我知道我的答案是不是最科学研究为基础，而是告诉你实话，我只是找不到，为什么我提供code例子为我工作。我只知道，如果你做SignOut（）另一种方式的System.Web弄乱Owins饼干。

I know my answer isn't the most research-based, but to tell you the truth, I just couldn't find WHY my provided code examples work for me. I just know that System.Web messes up Owins cookies if you do SignOut() another way.

这篇关于OWIN - Authentication.SignOut（）似乎并没有删除的cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！