英文:
HttpContext SignOutAsync inconsistency
问题
我有一个登录功能,用户通过他们的Microsoft帐户登录网站。
使用HttpContext类,我尝试使用SignOutAsync注销用户。我遇到的问题是,在Edge浏览器中这样做可以正常工作,但当我尝试在Chrome和Firefox的私人窗口中注销时,它并不会让我退出登录。
我尝试了不同的SignOutAsync重载,比如将CookieAuthenticationDefaults.AuthenticationScheme和OpenIdConnectDefaults.AuthenticationScheme传递进去,期望这能解决问题,但结果并没有如此。
如果需要更多细节来帮助解决问题,我可以提供更多信息。
英文:
I have a login function where the user logs in the website through their Microsoft account.
Using the HttpContext class, I am trying to sign out the user with SignOutAsync. The problem I come across is that it works when I do it in Edge, but when I try to sign out in a private window, in chrome, and in firefox, it doesn't sign me out.
[HttpGet("Logout")]
public async Task<IActionResult> Logout()
{
await this.HttpContext.SignOutAsync();
return RedirectToAction("Login", "Account");
}
[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
[HttpGet("Login")]
public async Task<IActionResult> Login()
{
return Redirect(this.homepageLink);
}
I have tried to different overloads of SignOutAsync, such as putting CookieAuthenticationDefaults.AuthenticationScheme, and OpenIdConnectDefaults.AuthenticationScheme, expecting it to fix the problem, but that did not end up happening.
I can provide more details if I am missing any that could help fix this.
答案1
得分: 1
根据您的设置,您需要确保注销所有不同的模式。以下是我使用的示例。首先删除cookie,然后使用OIDC的已知功能通过重定向到我的SSO应用程序执行全局注销。如果您使用OIDC,这将在客户端上不需要任何额外的代码。
public IActionResult Logout() => SignOut("Cookies", "oidc");
英文:
Depending on your setup, you need to make sure you sign out of all of the different schemas you are using. This is an example of what I use. It first deletes the cookie, and then uses the well-known functionality of OIDC to perform a global logout by redirecting to my SSO application. If you use OIDC, this works without any additional code on your client.
public IActionResult Logout() => SignOut("Cookies", "oidc");
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论