OWIN – Authentication.SignOut () does not seem to remove the cookie

综合技术 2018-06-18 阅读原文

I'm having some issues with OWIN Cookie authentication. I have a .Net site that has some MVC pages which uses cookie authentication and WebAPI resources protected by a bearer token.

When I log out, I delete the access token on the client, so subsequent API requests will not have the token in the header and will thus fail the authentication. This part is fine.

In the same manner, I would also like the log out to delete the cookie used by the MVC pages. I did the following on the server:

[Route("Logout")]
    public IHttpActionResult Logout()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();
        return Ok();
    }

However, after the calling Logout, I can still visit the protected MVC page even though the cookie would have supposedly been deleted by the Logout call.

It seems so simple, so I might have missed something.

Thanks,

I had a similar problem for the past few days. Instead of

Request.GetOwinContext().Authentication.authenticationManager.SignOut();

Use ONE(and only one) of these:

Request.GetOwinContext().Authentication.SignOut();

Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

This article explains why your cookies don't get deleted: http://dotnet.dzone.com/articles/catching-systemwebowin-cookie

I know my answer isn't the most research-based, but to tell you the truth, I just couldn't find WHY my provided code examples work for me. I just know that System.Web messes up Owins cookies if you do SignOut() another way.

Hello, buddy!

责编内容by:Hello, buddy!阅读原文】。感谢您的支持!

您可能感兴趣的

Session State In ASP.NET Core And MVC Core Introduction In this article, we will explain how to create a "Session State in ASP.NET Core and MVC Core" . Se...
MVP模式在携程酒店的应用和扩展 前言 酒店业务部门是携程旅行的几大业务之一,其业务逻辑复杂,业务需求变动快,经过多年的研发,已经是一个代码规模庞大的工程,如何规范代码,将代码按照其功能进行分类,将代码写到合适的地方对项目的迭代起着重要的作用。 MVP模式是目前客户端比较流行的框架模式,携程在很早之前就开始探索使用该模式进行...
Coming in ASP.NET Core 2.1 – top-level MVC p... This post looks at a feature coming in ASP.NET Core 2.1 related to Model Binding in ASP.NET Core MVC/Web API Controllers. I say it's a feature, but fr...
Maven with spring mvc Anybody who have a web project in maven with spring? I don't know why I can't get my project working, therefore I need to see a working project to und...
Total.js v2.9.1 发布,Node.js 的 MVC 框架 Total.js v2.9.1 已发布,Total.js 是一个 Node.js 框架,纯 JavaScript 编写,类似于 PHP 的 Laravel 或 Python 的 Django 。它可用于 Web、桌面、服务和 IoT 应用。 该版本带来了大量更新、修复和改进,部分内容如下: ...