我已设置并运行 Asp.net Core Identity 版本 2.0。我发现_signinManager.SignoutAsync
用户登录 Google 后不会注销用户。当我返回登录方法时,它仅显示用户已登录,其声明对象仍然完好无损。
代码非常简单,如下所示
[AllowAnonymous]
public ActionResult TestGoogle()
{
var redirectUrl = Url.Action(nameof(ExternalCallback), "Account", new { ReturnUrl = "" });
var properties = _signInManager.ConfigureExternalAuthenticationProperties("Google", redirectUrl);
return Challenge(properties, "Google");
}
public async Task<IActionResult> LogOff()
{
await _signInManager.SignOutAsync();
return RedirectToAction(nameof(HomeController.Index), "Home");
}
问题是你的RedirectToAction
覆盖到 Identity Server 结束会话 URL 的重定向SignOutAsync
issues.
As for SignOutAsync
,过时的是Authentication
部分——从 ASP.NET Core 2.0 开始,它是直接扩展HttpContext
itself.
(对于相同的注销问题给出了相同的解释here https://github.com/aspnet/Security/issues/313#issuecomment-120668602由微软的Haok开发。)
编辑:解决方案是在AuthenticationProperties
对象与最终SignOutAsync
:
// in some controller/handler, notice the "bare" Task return value
public async Task LogoutAction()
{
// SomeOtherPage is where we redirect to after signout
await MyCustomSignOut("/SomeOtherPage");
}
// probably in some utility service
public async Task MyCustomSignOut(string redirectUri)
{
// inject the HttpContextAccessor to get "context"
await context.SignOutAsync("Cookies");
var prop = new AuthenticationProperties()
{
RedirectUri = redirectUri
};
// after signout this will redirect to your provided target
await context.SignOutAsync("oidc", prop);
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)