OWIN – Authentication.SignOut () does not seem to remove the cookie

综合技术 2018-06-18 阅读原文

I'm having some issues with OWIN Cookie authentication. I have a .Net site that has some MVC pages which uses cookie authentication and WebAPI resources protected by a bearer token.

When I log out, I delete the access token on the client, so subsequent API requests will not have the token in the header and will thus fail the authentication. This part is fine.

In the same manner, I would also like the log out to delete the cookie used by the MVC pages. I did the following on the server:

[Route("Logout")]
    public IHttpActionResult Logout()
    {
        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignOut();
        return Ok();
    }

However, after the calling Logout, I can still visit the protected MVC page even though the cookie would have supposedly been deleted by the Logout call.

It seems so simple, so I might have missed something.

Thanks,

I had a similar problem for the past few days. Instead of

Request.GetOwinContext().Authentication.authenticationManager.SignOut();

Use ONE(and only one) of these:

Request.GetOwinContext().Authentication.SignOut();

Request.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

HttpContext.Current.GetOwinContext().Authentication.SignOut(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);

This article explains why your cookies don't get deleted: http://dotnet.dzone.com/articles/catching-systemwebowin-cookie

I know my answer isn't the most research-based, but to tell you the truth, I just couldn't find WHY my provided code examples work for me. I just know that System.Web messes up Owins cookies if you do SignOut() another way.

Hello, buddy!

责编内容by:Hello, buddy!阅读原文】。感谢您的支持!

您可能感兴趣的

Asp.net MVC 如何对所有用户输入的字符串字段做Trim处理... 经常需要对用户输入的数据在插入数据库或者判断之前做Trim处理,针对每个ViewModel的字段各自做处理是我们一般的想法。最近调查发现其实也可以一次性实现的。 MVC4.6中实现方式 1,实现IModelBinder接口,创...
WebAPI Common Interview Questions and Answers Following are some of the commonly asked Interview questions for WebAPI. ASP.NET Web API WebAPI is a framework fo...
我的Android重构之旅:架构篇 去年10月底来到了新公司,刚开始接手 Android 项目时,发现该项目真的是一团遭,项目开发上没有任何架构可言,开发人员连简单的 MVC、MVP 都不了解,Activity 及其臃肿,业务边界也不明确,因此我决定重新分析一下当前主...
Css3pie in MVC, where to place the pie&a... I've been trying to use the Css3pie in my MVC project to render rounded corner panel but have no luck so far. ...
The best MVC frameworks for Node.js Node.js is a JavaScript runtime, built on Chrome’s V8 JavaScript engine, that’s suitable for implementing both desktop a...