OWIN – Authentication.SignOut () does not seem to remove the cookie

综合技术 2018-06-18

I'm having some issues with OWIN Cookie authentication. I have a .Net site that has some MVC pages which uses cookie authentication and WebAPI resources protected by a bearer token.

When I log out, I delete the access token on the client, so subsequent API requests will not have the token in the header and will thus fail the authentication. This part is fine.

In the same manner, I would also like the log out to delete the cookie used by the MVC pages. I did the following on the server:

[Route("Logout")]
    public IHttpActionResult Logout()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();
        return Ok();
    }

However, after the calling Logout, I can still visit the protected MVC page even though the cookie would have supposedly been deleted by the Logout call.

It seems so simple, so I might have missed something.

Thanks,

I had a similar problem for the past few days. Instead of

Request.GetOwinContext().Authentication.authenticationManager.SignOut();

Use ONE(and only one) of these:

Request.GetOwinContext().Authentication.SignOut();

Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

This article explains why your cookies don't get deleted: http://dotnet.dzone.com/articles/catching-systemwebowin-cookie

I know my answer isn't the most research-based, but to tell you the truth, I just couldn't find WHY my provided code examples work for me. I just know that System.Web messes up Owins cookies if you do SignOut() another way.

Hello, buddy!

责编内容by:Hello, buddy! (源链)。感谢您的支持!

您可能感兴趣的

MVC、MVP和MVVM MVC MVC设计模式,主要是将逻辑代码,视图层代码,以及数据层代码分离的一种设计模式 M->Model(模型):是用于处理业务逻...
Android:聊聊我所理解的MVP 写在前面 最近冷静了一段时间,复习复习之前学的东西。再加上阴阳师一直抽不到SSR,所以打副本的时候想了想毕设项目架构该怎么办。 之前看很多开源软...
SpringMVC源码剖析5:消息转换器HttpMessageConverter与@Response... 转自 SpringMVC关于json、xml自动转换的原理研究 本系列文章首发于我的个人博客: https://h2pl.github.io/ ...
【Java】关于Spring MVC框架的总结 SpringMVC是一种基于Java,实现了Web MVC设计模式,请求驱动类型的轻量级Web框架,即使用了MVC架构模式的思想,将Web层进行职责解耦。基于请...
What is the minimum required to get Spring mvc 3&a... I have included jackson mapper in my pom file org.codehaus.jackso...