使用 Identity 2 创建一个 mvc 5 应用程序,我如何将其设置为使用会话 cookie,以便它们在浏览器关闭时过期
Created a mvc5 app with Identity2, how do i set it up to use session cookies, so they expire when the browser closes
创建了一个带有 Identity2 的 mvc5 应用程序,使用 google 登录(几乎是空的应用程序,打开了 google 东西)
如何设置它以使用会话 cookie,以便它们在浏览器关闭时过期。
该应用程序将供可能热交换座位的学生使用,因此我需要在浏览器关闭时登录过期。
我读了一篇暗示这是默认设置的 SO 文章,但是当我关闭浏览器并返回该站点时,它会记住 google 登录。
编辑
抱歉打扰大家了,但这不是重复的。
在假设的"answer"中的设置改变后在Chrome中重现,在IE中也重现...这是一个Asp.net Identity 2 +Google 登录问题,不是 Chrome 问题。
编辑
为安装帮助添加启动授权文件
using System;
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
using StudentPortalGSuite.Models;
namespace StudentPortalGSuite
{
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes( 30 ),
regenerateIdentity: ( manager, user ) => user.GenerateUserIdentityAsync( manager )
)
},
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// per https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on - EWB
//dev-jcsn email
app.UseGoogleAuthentication( new GoogleOAuth2AuthenticationOptions()
{
ClientId = "...",
ClientSecret = "..."
} );
//});
}
}
}
编辑
我要解决的用例是,由于我们的应用程序是在教室中使用的,所以学生 A 关闭 his/her 浏览器而不是注销,然后下一个用户尝试登录。目前,它们已自动登录到用户 A 的帐户。
当重定向到登录页面时,我也想办法 100% 注销用户,但我尝试过的所有方法都不起作用。
也许你可以在页面上捕获 window 关闭事件并调用注销方法
$(window).on("beforeunload", function() {
//ajax call to a post controller that logs the user out
})
在登录控制器方法的顶部调用它解决了这个问题。
Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ApplicationCookie );// - stralos s answer
Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ExternalCookie );
创建了一个带有 Identity2 的 mvc5 应用程序,使用 google 登录(几乎是空的应用程序,打开了 google 东西)
如何设置它以使用会话 cookie,以便它们在浏览器关闭时过期。 该应用程序将供可能热交换座位的学生使用,因此我需要在浏览器关闭时登录过期。
我读了一篇暗示这是默认设置的 SO 文章,但是当我关闭浏览器并返回该站点时,它会记住 google 登录。
编辑
抱歉打扰大家了,但这不是重复的。
在假设的"answer"中的设置改变后在Chrome中重现,在IE中也重现...这是一个Asp.net Identity 2 +Google 登录问题,不是 Chrome 问题。
编辑
为安装帮助添加启动授权文件
using System;
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
using StudentPortalGSuite.Models;
namespace StudentPortalGSuite
{
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes( 30 ),
regenerateIdentity: ( manager, user ) => user.GenerateUserIdentityAsync( manager )
)
},
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// per https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on - EWB
//dev-jcsn email
app.UseGoogleAuthentication( new GoogleOAuth2AuthenticationOptions()
{
ClientId = "...",
ClientSecret = "..."
} );
//});
}
}
}
编辑 我要解决的用例是,由于我们的应用程序是在教室中使用的,所以学生 A 关闭 his/her 浏览器而不是注销,然后下一个用户尝试登录。目前,它们已自动登录到用户 A 的帐户。
当重定向到登录页面时,我也想办法 100% 注销用户,但我尝试过的所有方法都不起作用。
也许你可以在页面上捕获 window 关闭事件并调用注销方法
$(window).on("beforeunload", function() {
//ajax call to a post controller that logs the user out
})
在登录控制器方法的顶部调用它解决了这个问题。
Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ApplicationCookie );// - stralos s answer
Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ExternalCookie );