How to Logout of Owin Providers?

I am following this tutorial, but it does not tell you how to log out. I tried to do

    Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);
    Request.GetOwinContext().Authentication.SignOut();
    Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

You can get the sample code here: https://github.com/AndersAbel/SocialLoginWithoutIdentity

Just need to add one more action

    public ActionResult SignOut()
    {
        Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);
        return RedirectToAction("Index", "Home");
    }

This method plus any one of the 3 lines I posted above.

My result right now is: I log in, I go to the secure page and can see it, then I proceed to sign out, and then after signing out I try to go back to the secure page and I am allowed back onto that secure page.

So it actually did not really sign me out.
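
Use the [Authorize] attribute on classes that need authorization:

    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Claims;
    using System.Web.Http;

    [Authorize]
    public class MeController : ApiController
    {
        // GET api/<controller>
        // Returns the claims of the authenticated caller.
        public IEnumerable<object> Get()
        {
            var identity = User.Identity as ClaimsIdentity;
            return identity.Claims.Select(c => new
            {
                Type = c.Type,
                Value = c.Value
            });
        }
    }

Source: http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server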

Try setting the cache control headers.

    public ActionResult SignOut() {
        var authenticationTypes = new string[] {
            DefaultAuthenticationTypes.ApplicationCookie,
            DefaultAuthenticationTypes.ExternalCookie
        };
        AuthenticationManager.SignOut(authenticationTypes);
        // HACK: Prevent user from being able to go back to a logged in page once logged out
        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        // now redirect
        return RedirectToAction("Index", "Home");
    }

    private IAuthenticationManager AuthenticationManager {
        get {
            return Request.GetOwinContext().Authentication;
        }
    }

You cannot stop the user from clicking the back button on the browser, unless you try JavaScript, which can be disabled. The user can go back a page and view the content of the previous page, but if they try to click any protected links or refresh the page, they will be redirected to log in.
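
As mentioned in the tutorial, the middleware used uses the default authentication type but does not override it.

By using only externalCookie as the parameter for Owin, you are clearing the cookie for Asp, but not the one used to store the Google provider. To do so, you have to get the array of all current cookies. It can be done the easy way like this:

    Request.GetOwinContext()
           .Authentication
           .SignOut(HttpContext.GetOwinContext()
                               .Authentication.GetAuthenticationTypes()
                               .Select(o => o.AuthenticationType).ToArray());

This is what is said in the tutorial: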
The call to UseGoogleAuthentication should be quite obvious why it’s needed.
But the first one to SetDefaultSignInAsAuthenticationType is not as
obvious. Looking at the owin external authentication pipeline a social
login middleware normally relies on the external cookie middleware
registered before the social login middleware. In the setup of the
external cookie middleware, it sets itself as the default signin type.
That’s how the social login middleware knows that it should use the
external cookie. In this setup there is no external cookie, so we have
to manually set the main cookie middleware as the default signin type.
The cookie middleware will only issue a cookie if the
AuthenticationType matches the one in the identity created by the
social login middleware.
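
Added example, not code from the tutorial or from any of the posts above: a sign-out only removes the login cookie when the name passed to SignOut matches the AuthenticationType of the cookie middleware that issued it. The Startup class is an assumed reconstruction of the setup the quoted tutorial text describes (one cookie middleware, no external cookie); the client id and secret are placeholders, and AccountController, RegisteredTypes and Unmatched are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Assumed setup: one cookie middleware, no external cookie. Its default
        // AuthenticationType is "Cookies", which is neither ExternalCookie nor
        // ApplicationCookie from DefaultAuthenticationTypes.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
        {
            ClientId = "CLIENT_ID_PLACEHOLDER",
            ClientSecret = "CLIENT_SECRET_PLACEHOLDER"
        });
    }
}

public class AccountController : Controller // hypothetical controller
{
    public ActionResult SignOut()
    {
        IAuthenticationManager auth = Request.GetOwinContext().Authentication;
        // Sign out of every type a middleware registered in Startup, so the
        // cookie middleware is named whatever its AuthenticationType is.
        auth.SignOut(RegisteredTypes(auth));
        return RedirectToAction("Index", "Home");
    }

    private static string[] RegisteredTypes(IAuthenticationManager auth)
    {
        return auth.GetAuthenticationTypes().Select(d => d.AuthenticationType).ToArray();
    }

    // Hypothetical diagnostic: the requested names that no middleware registered.
    // A SignOut call given only such names leaves the login cookie in place.
    internal static string[] Unmatched(IAuthenticationManager auth, params string[] requested)
    {
        return requested.Except(RegisteredTypes(auth), StringComparer.Ordinal).ToArray();
    }
}
```

Logging the result of Unmatched for the names a sign-out action passes is a quick way to confirm, during development, that the action targets the middleware that actually holds the session.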