我已使用 owin 登录,但无法注销。
在开始时:
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
Provider = new AuthorizationServerProvider(),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
};
app.UseOAuthBearerTokens(OAuthServerOptions);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
}
在 AuthorizationServerProvider 中:
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return Task.FromResult(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*"});
using (demoEntities _repo = new demoEntities())
{
if (!_repo.users.Where(x => x.username == context.UserName && x.pass == context.Password).Any())
{
context.SetError("invalid_grant", "wrong.");
//context.Rejected();
return;
}
}
//context.Request.
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
if (context.Request.Path.Value != "/api/apidemo/logout")
{
context.Request.Context.Authentication.SignIn(identity);
}
else
{
context.Request.Context.Authentication.SignOut();
}
context.Validated(identity);
}
在 API 控制器中:
[HttpGet]
[ActionName("logout")]
public IHttpActionResult logout()
{
Request.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
this.Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
return Ok();
}
我调用注销然后使用旧令牌,但它仍然可以使用。那么注销不起作用吗?
感谢您的观看。