How to properly remove .AspNet.TwoFactorRememberBrowser cookie after disabling user's 2FA?

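Microsoft.AspNet.Identity V2.2: When a user disables 2FA (having previously enabled it), the user's .AspNet.TwoFactorRememberBrowser cookie still exists and, under the right circumstances, could pose a security risk. I am looking for a clean and proper way to remove that user's cookie, or should I change the expiration date to a date in the past - and if so, how do I do that? I googled a bunch to no avail; it seems nobody has realized that the cookie is still there.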

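So, in the absence of a better way, it looks like this takes care of the problem in the async function /Manage/DisableTwoFactorAuthentication. Note that isPersistent = True removes the cookie, while isPersistent = False just sets the expiration date back.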

' POST: /Manage/DisableTwoFactorAuthentication
<HttpPost>
<ValidateAntiForgeryToken>
Public Async Function DisableTwoFactorAuthentication() As Task(Of ActionResult)
    Await UserManager.SetTwoFactorEnabledAsync(User.Identity.GetUserId(), False)
    Dim userInfo = Await UserManager.FindByIdAsync(User.Identity.GetUserId())
    If userInfo IsNot Nothing Then
        Await SignInManager.SignInAsync(userInfo, isPersistent:=False, rememberBrowser:=False)
        Dim rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(userInfo.Id)
        AuthenticationManager.SignIn(New AuthenticationProperties With {
            .IsPersistent = True,   'False still leaves old cookie but with expired date
            .ExpiresUtc = Date.UtcNow.AddDays(-1)
        }, rememberBrowserIdentity)
    End If
    Return RedirectToAction("Index", "Manage")
End Function

Hope this helps someone! :-)
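
An alternative to re-issuing the cookie with a past expiry, added here as an example and not part of the original post: `IAuthenticationManager.SignOut` accepts authentication type names, and `DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie` names the remember-browser cookie. The sketch assumes the action lives in the MVC template's ManageController, which supplies the `UserManager`, `SignInManager` and `AuthenticationManager` properties used below.

```vbnet
Imports System.Threading.Tasks
Imports System.Web.Mvc
Imports Microsoft.AspNet.Identity
Imports Microsoft.Owin.Security

' Assumption: this action replaces the one in the template's ManageController.
' POST: /Manage/DisableTwoFactorAuthentication
<HttpPost>
<ValidateAntiForgeryToken>
Public Async Function DisableTwoFactorAuthentication() As Task(Of ActionResult)
    Dim userId = User.Identity.GetUserId()

    ' Turn 2FA off first; leave all cookies alone if the store update fails.
    Dim result = Await UserManager.SetTwoFactorEnabledAsync(userId, False)
    If Not result.Succeeded Then
        Return RedirectToAction("Index", "Manage")
    End If

    ' Ask the OWIN cookie middleware registered for the remember-browser
    ' authentication type to clear its cookie in this response.
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie)

    ' Refresh the application cookie without remembering this browser.
    Dim userInfo = Await UserManager.FindByIdAsync(userId)
    If userInfo IsNot Nothing Then
        Await SignInManager.SignInAsync(userInfo, isPersistent:=False, rememberBrowser:=False)
    End If

    Return RedirectToAction("Index", "Manage")
End Function
```

This clears the cookie only in the browser that sends the request; a remember-browser cookie stored in any other browser is not touched by this response.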