小贝子编程

ASP.NET Core 2.1-身份验证cookie已删除,但用户仍然可以登录,而无需重定向到外部登录



您好!我目前正在创建一个网站,该网站利用谷歌身份验证来实现内容个性化。我在登录和检索登录用户的信息方面没有问题,但当我调用SignOutAsync((函数时,.NET并没有完全注销用户,因为用户可以在再次单击"登录"按钮时立即登录。一旦我清除了浏览器缓存,当用户单击登录按钮时,就会重定向到谷歌登录页面。

Startup.cs:的服务配置

public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// Configure authentication service
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "Google";
})
.AddCookie("Cookies")
.AddGoogle("Google", options =>
{
options.ClientId = Configuration["Authentication:Google:ClientId"];
options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
});
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton<IRecommender, OntologyRecommender>();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

Startup.cs:的中间件配置

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}

UserController.cs:上的登录操作

public IActionResult Login()
{
return Challenge(new AuthenticationProperties() { RedirectUri = "/" });
}

UserController.cs:上的注销操作

[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout()
{   
await HttpContext.SignOutAsync();
HttpContext.Response.Cookies.Delete(".AspNetCore.Cookies");
return RedirectToAction("Index", "Home");
}

我是ASP.NET核心身份验证领域的新手,所以如果有人能在这件事上帮助我,我将不胜感激,谢谢!

您需要循环浏览应用程序cookie-下面是一个示例代码片段:

if (HttpContext.Request.Cookies[".MyCookie"] != null)
{
var siteCookies = HttpContext.Request.Cookies.Where(c => c.Key.StartsWith(".MyCookie"));
foreach (var cookie in siteCookies)
{
Response.Cookies.Delete(cookie.Key);
}
}

您可以将用户重定向到Google的注销端点以注销:

await HttpContext.SignOutAsync();
HttpContext.Response.Cookies.Delete(".AspNetCore.Cookies");
return Redirect("https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://localhost:44310");

替换"https://localhost:44310"使用您自己的网站url。之后,当用户再次点击登录时,用户将被重定向到谷歌登录页面。

这不是.NET的问题,而是Google的工作方式。之所以会发生这种情况,只是因为只有一个帐户登录到谷歌帐户,而该帐户在该过程中会被默认。从谷歌账户注销你的谷歌账户,或者使用其他账户登录。

不过,一定要在您用于开发的浏览器中执行此操作。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium