C# ASP.NET Identity 2.0注销不起作用
我正在用ASP.NET和Identity 2.0编写一个Web API。只有在用户成功“登录”的情况下,才能访问API。登录很好,但是注销(signout)似乎不起作用。下面是我正在使用的一些代码: 身份配置:C# ASP.NET Identity 2.0注销不起作用,c#,asp.net,asp.net-mvc,angularjs,asp.net-identity-2,C#,Asp.net,Asp.net Mvc,Angularjs,Asp.net Identity 2,我正在用ASP.NET和Identity 2.0编写一个Web API。只有在用户成功“登录”的情况下,才能访问API。登录很好,但是注销(signout)似乎不起作用。下面是我正在使用的一些代码: 身份配置: public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; } public void Configuration(IAppBuilder app) { app.Cr
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
public void Configuration(IAppBuilder app)
{
app.CreatePerOwinContext<IdentityDbContext<IdentityUser>>(HLAccountManager.CreateDbContext);
app.CreatePerOwinContext<UserManager<IdentityUser>>(HLAccountManager.CreateUserManager);
OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
app.UseOAuthBearerAuthentication(OAuthBearerOptions);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
GlobalConfiguration.Configuration.SuppressDefaultHostAuthentication();
GlobalConfiguration.Configuration.Filters.Add(new HostAuthenticationFilter("Bearer"));
}
[HttpPost]
[ActionName("Authenticate")]
[AllowAnonymous]
public String Authenticate(JObject data)
{
dynamic json = data;
string user = json.user;
string password = json.password;
if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
return "failed";
var userIdentity = UserManager.FindAsync(user, password).Result;
if (userIdentity != null)
{
var identity = new ClaimsIdentity(IdentityConfig.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userIdentity.Id));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
string AccessToken = IdentityConfig.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
return AccessToken;
}
return "failed";
}
[HttpGet]
[Authorize]
[ActionName("Logout")]
public String Logout()
{
var owinContext = HttpContext.Current.GetOwinContext();
owinContext.Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie, DefaultAuthenticationTypes.ExternalBearer);
return "OK";
}
身份验证方法运行良好。我的webapp从请求中获取一个令牌,我可以将其设置为授权标头(例如,对于angular应用,以$http为单位)。对[Authorize]-注释函数的后续调用将正确返回。
但是,如果我调用Logout,它将正确返回“OK”字符串,但不会使令牌无效。如果在调用Logout后调用Authorize方法,我仍然会得到正确的值,而不是预期的401-Unauthorized
- 我看过这篇文章:并尝试了不带参数的注销。那也不行
- HttpContext没有GetOwinContext。它在HttpContext中,在我的案例中是最新的。我做错什么了吗
- 为什么我的注销方法不起作用