如果用户保存其 cookie、注销,然后将其 cookie 导入回浏览器,则他们将成功登录。我怎样才能SigninManager杀死他们的会话服务器端呢?我读过有关放弃的内容,但似乎不可用。这是我的代码:await _signInManager.SignOutAsync();
HttpContextAccessor httpCon = new HttpContextAccessor();
httpCon.HttpContext.Session.Clear();
1 回答
温温酱
TA贡献1752条经验 获得超4个赞
这是正常的过程。要在注销后使身份 cookie 失效,您可以SecurityStamp按照以下步骤更新并检查它:
CustomCookieAuthenticationEvents
public class CustomCookieAuthenticationEvents : CookieAuthenticationEvents
{
private readonly SignInManager<IdentityUser> _signInManager;
public CustomCookieAuthenticationEvents(SignInManager<IdentityUser> signInManager)
{
// Get the database from registered DI services.
_signInManager = signInManager;
}
public override async Task ValidatePrincipal(CookieValidatePrincipalContext context)
{
var userPrincipal = context.Principal;
var user = await _signInManager.ValidateSecurityStampAsync(userPrincipal);
if (user == null)
{
context.RejectPrincipal();
await context.HttpContext.SignOutAsync(
IdentityConstants.ApplicationScheme);
}
}
}
注册并配置CustomCookieAuthenticationEvents
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.ConfigureApplicationCookie(options =>
{
options.EventsType = typeof(CustomCookieAuthenticationEvents);
});
services.AddScoped<CustomCookieAuthenticationEvents>();
退出流程
await _signInManager.SignOutAsync();
var user = await _userManager.GetUserAsync(User);
await _userManager.UpdateSecurityStampAsync(user);
_logger.LogInformation("User logged out.");
- 1 回答
- 0 关注
- 83 浏览
添加回答
举报
0/150
提交
取消