综合技术

OWIN – Authentication.SignOut () does not seem to remove the cookie

微信扫一扫,分享到朋友圈

OWIN – Authentication.SignOut () does not seem to remove the cookie
0

I’m having some issues with OWIN Cookie authentication. I have a .Net site that has some MVC pages which uses cookie authentication and WebAPI resources protected by a bearer token.

When I log out, I delete the access token on the client, so subsequent API requests will not have the token in the header and will thus fail the authentication. This part is fine.

In the same manner, I would also like the log out to delete the cookie used by the MVC pages. I did the following on the server:

[Route("Logout")]
    public IHttpActionResult Logout()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();
        return Ok();
    }

However, after the calling Logout, I can still visit the protected MVC page even though the cookie would have supposedly been deleted by the Logout call.

It seems so simple, so I might have missed something.

Thanks,

I had a similar problem for the past few days. Instead of

Request.GetOwinContext().Authentication.authenticationManager.SignOut();

Use ONE(and only one) of these:

Request.GetOwinContext().Authentication.SignOut();

Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

This article explains why your cookies don’t get deleted: http://dotnet.dzone.com/articles/catching-systemwebowin-cookie

I know my answer isn’t the most research-based, but to tell you the truth, I just couldn’t find WHY my provided code examples work for me. I just know that System.Web messes up Owins cookies if you do SignOut() another way.

阅读原文...

Hello, buddy!

Apple's new iPhone software lets you create an animated version of yourself -- here's how i...

上一篇

The War on Tesla, Musk, and the Fight for the Future

下一篇

您也可能喜欢

评论已经被关闭。

插入图片
OWIN – Authentication.SignOut () does not seem to remove the cookie

长按储存图像,分享给朋友