Why call SignOut(DefaultAuthenticationTypes.Extern

2019-02-13 22:06发布

问题:

Why does this example call the SignOut for ExternalCookie before signing in with an ApplicationCookie? Is it just a way to make sure the authentication information is clean? (The full example is here: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity)

private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);

    var identity = await UserManager.CreateIdentityAsync(
       user, DefaultAuthenticationTypes.ApplicationCookie);

    AuthenticationManager.SignIn(
       new AuthenticationProperties() { 
      IsPersistent = isPersistent 
       }, identity);
}

回答1:

Its basically cleanup, the external cookie should get cleared eventually, its only needed to store the claims returned from google/fb/twitter etc such that app can pull whatever data it needs before signing the user. So SignIn is a good safe place to clear that external data.