注销Asp Net Core后如何防止浏览器后退按钮

Question

我有一个带有 cookie 身份验证的 aspnet 核心网站。当我注销，然后，当我点击浏览器的后退按钮时，我导航到最后一个网页，我不希望这样，我不希望用户被重定向到登录页面以进行身份验证再次.

我的startup.cs

public void ConfigureServices(IServiceCollection services)
        {
          ....
            services.AddIdentity<ApplicationUser, ApplicationRole>(
            config =>
            {
                config.User.RequireUniqueEmail = true;
                config.SignIn.RequireConfirmedEmail = true;
                config.Password.RequiredLength = 8;
                config.Cookies.ApplicationCookie.LoginPath = "/Home/Login";
            })
            .AddEntityFrameworkStores<DbContext>()
            .AddDefaultTokenProviders();
        ......
        }

我的controller.cs

 public class HomeController : Controller
    {
        .....
        private readonly string _externalCookieScheme;
        ....


        public HomeController(
           .....
            IOptions<IdentityCookieOptions> identityCookieOptions,
            .....)
        {
            ....
            _externalCookieScheme = identityCookieOptions.Value.ExternalCookieAuthenticationScheme;
            ....

        }




        [HttpGet]
        [AllowAnonymous]
        public async Task<IActionResult> Login()
        {
            // Clear the existing external cookie to ensure a clean login process
            await HttpContext.Authentication.SignOutAsync(_externalCookieScheme);
            return View();
        }

        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> LogOff()
        {
            await HttpContext.Authentication.SignOutAsync(_externalCookieScheme); //don´t remove the cookie
            _logger.LogInformation(4, "User logged out.");
            return RedirectToAction(nameof(HomeController.Login), "Home");
        }       
}

我在这里缺少什么？

此致。

乔丽妮丝

Answer 1

您需要设置 Cache-Control header。对于单个页面或控制器，您可以这样设置 header：

[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]

如果这不起作用，请确保 header 没有被覆盖。你可以在我的博客post中找到详细的解释：How To Prevent the Back Button after Logout in ASP.NET Core MVC.

Answer 2

确保在您的注销操作方法中调用 HttpContext.SignoutAsync() 方法（使用正确的重载）。在此之后，如果您按后退按钮，您将被重定向到登录

注销Asp Net Core后如何防止浏览器后退按钮

How to prevent browser back button after logout Aspnet Core

authentication

cookies

core

logoff

back