问题描述
我已经安装并运行了 Asp.net Core Identity 2.0 版.我发现 _signinManager.SignoutAsync
用户在使用 Google 登录后不会注销.当我返回到我的登录方法时,它只显示用户已登录且他们的 Claims 对象仍然完好无损.
I have Asp.net Core Identity version 2.0 Set up and running. I am finding that _signinManager.SignoutAsync
is not logging out user once they have signed in with Google. When I go back to my Login Method it just shows the User as logged in with their Claims object still intact.
代码非常简单,如下
[AllowAnonymous]
public ActionResult TestGoogle()
{
var redirectUrl = Url.Action(nameof(ExternalCallback), "Account", new { ReturnUrl = "" });
var properties = _signInManager.ConfigureExternalAuthenticationProperties("Google", redirectUrl);
return Challenge(properties, "Google");
}
public async Task<IActionResult> LogOff()
{
await _signInManager.SignOutAsync();
return RedirectToAction(nameof(HomeController.Index), "Home");
}
推荐答案
问题是您的 RedirectToAction
覆盖了重定向到 SignOutAsync
发出的 Identity Server endsession URL.
The problem is that your RedirectToAction
overwrites the redirect to the Identity Server endsession URL that SignOutAsync
issues.
至于 SignOutAsync
,过时的是 Authentication
部分——从 ASP.NET Core 2.0 开始,它是 HttpContext
的直接扩展自己.
As for SignOutAsync
, what is obsolete is the Authentication
portion -- as of ASP.NET Core 2.0 it's an extension directly off HttpContext
itself.
(在此处给出了对相同注销问题的相同解释由微软的 HaoK 提供.)
(The same explanation for the same signout problem is given here by Microsoft's HaoK.)
解决方案是在带有最终 SignOutAsync
的 AuthenticationProperties
对象中发送重定向 URL:
The solution is to send a redirect URL in an AuthenticationProperties
object with the final SignOutAsync
:
// in some controller/handler, notice the "bare" Task return value
public async Task LogoutAction()
{
// SomeOtherPage is where we redirect to after signout
await MyCustomSignOut("/SomeOtherPage");
}
// probably in some utility service
public async Task MyCustomSignOut(string redirectUri)
{
// inject the HttpContextAccessor to get "context"
await context.SignOutAsync("Cookies");
var prop = new AuthenticationProperties()
{
RedirectUri = redirectUri
};
// after signout this will redirect to your provided target
await context.SignOutAsync("oidc", prop);
}
这篇关于如果用户使用 Google 登录,ASP.NET Core Identity 2.0 SignoutAsync 不会注销用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!