Asp.net HttpContext.SignOutAsync()未删除本地cookie
我正沿着这条路走,以了解它是如何实现的。我的Asp.net HttpContext.SignOutAsync()未删除本地cookie,asp.net,cookies,identityserver4,Asp.net,Cookies,Identityserver4,我正沿着这条路走,以了解它是如何实现的。我的Startup.cs几乎相同,我的AccountController.cs类的实现大致相同,依此类推 但是,似乎与本地身份验证cookie的处理方式存在某种低级冲突 1) 在启动过程中,我不会调用app.UseAuthentication(),因为IdentityServer稍后会进行设置。我甚至从quickstart项目逐字复制了services.AddAuthentication(),但仍然存在问题 登录时,Quickstart项目生成两个cook
Startup.cs
几乎相同,我的AccountController.cs
类的实现大致相同,依此类推
但是,似乎与本地身份验证cookie的处理方式存在某种低级冲突
1) 在启动过程中,我不会调用app.UseAuthentication()
,因为IdentityServer稍后会进行设置。我甚至从quickstart项目逐字复制了services.AddAuthentication()
,但仍然存在问题
登录时,Quickstart项目生成两个cookie:一个伪造验证cookie和一个名为idsrv
的cookie。项目中没有明确定义这样做
然而,当我运行它的实现时,我得到了三个cookie:伪造验证cookie、idsrv.session
cookie和.AspNetCore.Identity.Application
cookie。我可以强制ASP.NET将cookie命名为“idsrv”,但.session cookie的存在使我相信它使用的方案不正确
2) 当我尝试通过调用HttpContext.SignOutAsync()
注销时,cookie不会被删除,也不会发生任何事情:它保持登录状态。我发现了类似的问题,但这些问题似乎是a)实现外部身份验证和b)实现可能覆盖签出url的重定向。我两者都不做
我的登录实现:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login( LoginInputModel model, string action )
{
var context = await _interactionService.GetAuthorizationContextAsync( model.ReturnUrl );
if( action != "Login" )
{
if( context != null )
{
// Handle a cancelled login
await _interactionService.GrantConsentAsync( context, ConsentResponse.Denied );
}
else
return Redirect( "~/" );
}
var errors = ModelState.Values.SelectMany( v => v.Errors );
if( ModelState.IsValid )
{
var user = await _userManager.FindByNameAsync( model.Username );
if( user != null && await _userManager.CheckPasswordAsync( user, model.Password ) )
{
await _eventService.RaiseAsync( new UserLoginSuccessEvent( user.UserName, user.Id, user.UserName ) );
//Handle RememberMe Checkbox
AuthenticationProperties props = null;
if( model.RememberMe )
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add( Config.AccountRememberMeDuration ),
};
}
//Issue Auth Cookie
await HttpContext.SignInAsync( user.Id, user.UserName, props );
if( _interactionService.IsValidReturnUrl( model.ReturnUrl ) || Url.IsLocalUrl( model.ReturnUrl ) )
return Redirect( model.ReturnUrl );
return Redirect( "~/" );
}
//If we made it this far, the authentication failed
await _eventService.RaiseAsync( new UserLoginFailureEvent( model.Username, "Invalid Credentials" ) );
ModelState.AddModelError( "", "Invalid Credentials" );
}
//Display form with error message
model.Password = string.Empty;
return View( model );
}
[HttpGet]
public async Task Logout( LogoutInputModel model )
{
if( User?.Identity.IsAuthenticated == true )
{
await HttpContext.SignOutAsync();
await _eventService.RaiseAsync( new UserLogoutSuccessEvent( User.GetSubjectId(), User.GetDisplayName() ) );
}
}
My Startup.cs:
public void ConfigureServices( IServiceCollection services )
{
services.AddMvc();
services.AddIdentityServer()
.AddOperationalStore( options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer( Config.ConnectionString, sqlOptions => sqlOptions.MigrationsAssembly( Config.MigrationsAssembly ) );
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 30; //Every 30 seconds
} )
.AddConfigurationStore( options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer( Config.ConnectionString, sqlOptions => sqlOptions.MigrationsAssembly( Config.MigrationsAssembly ) );
} )
.AddDeveloperSigningCredential();
services.AddDbContext<CustomUserContext>( builder =>
builder.UseSqlServer( Config.ConnectionString, sqlOptions => sqlOptions.MigrationsAssembly( Config.MigrationsAssembly ) )
);
services.AddIdentity<CustomUser, CustomRole>()
.AddEntityFrameworkStores<CustomUserContext>();
services.AddAuthentication();
}
public void Configure( IApplicationBuilder app, IHostingEnvironment env )
{
if( env.IsDevelopment() )
app.UseDeveloperExceptionPage();
app.UseIdentityServer();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute(); //TODO: Routes
}
public void配置服务(IServiceCollection服务)
{
services.AddMvc();
services.AddIdentityServer()
.addStore(选项=>
{
options.ConfigureDbContext=builder=>
builder.UseSqlServer(Config.ConnectionString,sqlOptions=>sqlOptions.migrationassembly(Config.migrationassembly));
options.EnableTokenCleanup=true;
options.TokenCleanupInterval=30;//每30秒
} )
.AddConfigurationStore(选项=>
{
options.ConfigureDbContext=builder=>
builder.UseSqlServer(Config.ConnectionString,sqlOptions=>sqlOptions.migrationassembly(Config.migrationassembly));
} )
.AddDeveloperSigningCredential();
services.AddDbContext(builder=>
builder.UseSqlServer(Config.ConnectionString,sqlOptions=>sqlOptions.MigrationsAssembly(Config.MigrationsAssembly))
);
服务.额外性()
.AddEntityFrameworkStores();
services.AddAuthentication();
}
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(env.IsDevelopment())
app.UseDeveloperExceptionPage();
app.UseIdentityServer();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();//TODO:路由
}
如何调用注销函数:
<div class="account-actions">
@using( Html.BeginForm( "Logout", "Account", FormMethod.Get ) )
{
<input type="submit"
class="account-action-button account-action-logout"
value="Logout" />
}
</div>
@使用(Html.BeginForm(“注销”、“帐户”、FormMethod.Get))
{
}
据我所知,您正在MVC应用程序中共同托管IdentityServer,我相信您需要为MVC应用程序配置Cookie中间件。您现在在Startup.cs中的配置是针对IdentityServer本身的。您得到的cookie是用于IdentityServer的cookie
在本示例中,查看如何配置cookie身份验证+OIDC:
我也有同样的问题。我想我可以尝试调用
SignOutAsync(schema)
。通过尝试注销不存在的架构,我收到了一条错误消息,其中包含支持的架构列表。其中一个是“Identity.Application”,在上面做一个注销就行了。例如
等待这个.HttpContext.SignOutAsync(“Identity.Application”);
您使用的是哪种类型的客户端(例如:MVC)?@tha4我使用的是直接烘焙到IdentityServer项目中的MVC,正如@bychkov所提到的,很可能您没有正确配置cookie中间件。我不确定是否可以将MVC应用程序与IDS4共存,因为两者都依赖于Cookie中间件来登录。可以共同托管Web API和IDS4,因为它将使用承载令牌进行身份验证()我正在玩ASPNet Identity Core和IdentityServer,现在我看到您正在调用services.AddIdentity,但是IdS文档提到您需要在设置IdS之前调用它:注意,这里引用了文档中的一句话:在使用ASP.NET Identity时,在DI系统中ASP.NET Identity之后注册IdentityServer非常重要,因为IdentityServer正在覆盖ASP.NET Identity中的某些配置。