OWIN - Authentication.SignOut() doesn't seem to remove the cookie
Problem description
I'm having some issues with OWIN Cookie authentication. I have a .Net site that has some MVC pages which use cookie authentication and WebAPI resources protected by a bearer token.
When I log out, I delete the access token on the client, so subsequent API requests will not have the token in the header and will thus fail the authentication. This part is fine.
In the same manner, I would also like the log out to delete the cookie used by the MVC pages. I did the following on the server:
    [Route("Logout")]
    public IHttpActionResult Logout()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();
        return Ok();
    }
However, after calling Logout, I can still visit the protected MVC page even though the cookie would have supposedly been deleted by the Logout call.
It seems so simple, so I might have missed something.
Thanks,
Recommended answer
I had a similar problem for the past few days. Instead of
    Request.GetOwinContext().Authentication.authenticationManager.SignOut();
Use ONE (and only one) of these:
    Request.GetOwinContext().Authentication.SignOut();
    Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
    HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
This article explains why your cookies don't get deleted: http://dotnet.dzone.com/articles/catching-systemwebowin-cookie
I know my answer isn't the most research-based, but to tell you the truth, I just couldn't find WHY my provided code examples work for me. I just know that System.Web messes up OWIN's cookies if you do SignOut() another way.
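As an added example (not code from the question or the answer), one way to check that a logout call really clears the cookie is to run the pipeline in memory with Microsoft.Owin.Testing and inspect the Set-Cookie header on the logout response. The class name, the /login and /logout endpoints and the user "alice" are constructed for the test; it assumes the Microsoft.Owin.Testing, Microsoft.Owin.Security.Cookies and Microsoft.AspNet.Identity.Core packages and the default cookie name ".AspNet." + AuthenticationType.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Testing;
using Owin;

public static class LogoutCookieCheck // hypothetical helper, not from the page
{
    const string AuthType = DefaultAuthenticationTypes.ApplicationCookie;

    // Constructed pipeline: cookie middleware plus two stand-in endpoints.
    static void Configure(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = AuthType });
        app.Map("/login", a => a.Run(ctx =>
        {
            var id = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "alice") }, AuthType);
            ctx.Authentication.SignIn(id);
            return Task.FromResult(0);
        }));
        app.Map("/logout", a => a.Run(ctx =>
        {
            // Sign out of the same authentication type the cookie was issued for.
            ctx.Authentication.SignOut(AuthType);
            return Task.FromResult(0);
        }));
    }

    // True when the logout response tells the browser to drop the auth cookie.
    public static async Task<bool> LogoutExpiresCookieAsync()
    {
        using (var server = TestServer.Create(Configure))
        {
            var login = await server.HttpClient.GetAsync("/login");
            var cookie = login.Headers.GetValues("Set-Cookie").First().Split(';')[0];

            var request = new HttpRequestMessage(HttpMethod.Get, "/logout");
            request.Headers.Add("Cookie", cookie);
            var logout = await server.HttpClient.SendAsync(request);

            // Assumption: the cookie manager deletes by re-issuing the cookie with a 1970 expiry.
            IEnumerable<string> setCookies;
            return logout.Headers.TryGetValues("Set-Cookie", out setCookies)
                && setCookies.Any(v => v.StartsWith(".AspNet." + AuthType + "=") && v.Contains("1970"));
        }
    }
}
```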