Cannot logoff of identity MVC 5 application

Posted 2019-06-19 00:33

I'm making a new (empty template) ASP.NET MVC 5 application and I cannot logoff of this app. My logoff Action:

public ActionResult LogOff()
{
    if (User.Identity.IsAuthenticated)
    {
        // break here
    }
    try
    {
        AuthenticationManager.SignOut();
        if (User.Identity.IsAuthenticated || Request.IsAuthenticated)
        {
            // break here
        }
    }
    catch (Exception)
    {
        // A try block needs a catch or finally to compile; rethrow unchanged.
        throw;
    }
    return RedirectToAction("Login", "Account");
}

Startup class:

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    }
}

Application Context:

public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationDbContext()
        : base("DefaultConnection", false)
    {
    }
}

Connection string:

<connectionStrings>
<add name="DefaultConnection" connectionString="Server=.;Database=DataTest;Trusted_Connection=True;" providerName="System.Data.SqlClient" />
</connectionStrings>

The action LogOff() executes without problems and redirects me to the 'Login' action but I am still logged in. What is wrong with it?

7 answers
迷人小祖宗
Reply #2 · 2019-06-19 00:57

About ASP.NET MVC logout not working:

I had a problem where the app hosted on IIS in production mode was not working right with Chrome,

though it worked right while:
- using Visual Studio Dev hosting in all browsers
- in production mode over IE

I had problems in Startup.Auth.cs. Make sure there are no duplicate configurations for the following things:

app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions(.....));
狗以群分
Reply #3 · 2019-06-19 00:58

This worked for me: create a route in your RouteConfig.cs like

 routes.MapRoute(
       "userlogout",
       "Account/Logout",
       new { controller = "Account", action = "LogOff" }
       );

And you can keep the default logoff code in AccountController.cs or add the additions (like Session.Abandon(); etc.) others have suggested. But just the code below should work:

[HttpPost] 
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
    AuthenticationManager.SignOut();

    return RedirectToAction("Login", "Account");
}
Juvenile、少年°
Reply #4 · 2019-06-19 01:05

Try this:

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
    //AuthenticationManager.SignOut();
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie, DefaultAuthenticationTypes.ExternalCookie);
    Session.Abandon();
    return RedirectToAction("Login", "Account");
}
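
An added example, not part of the answer above or of the original thread: the explicit sign-out wired into a controller, together with a hypothetical `AuthState` diagnostic action for checking the result on the following request. It assumes the default cookie name `.AspNet.ApplicationCookie`, that is, no `CookieName` override in `CookieAuthenticationOptions`.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

public class AccountController : Controller
{
    // Assumed default cookie name: ".AspNet." + AuthenticationType, valid only
    // while CookieAuthenticationOptions.CookieName is left unset.
    private static readonly string AuthCookie =
        ".AspNet." + DefaultAuthenticationTypes.ApplicationCookie;

    private IAuthenticationManager AuthenticationManager
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    // POST only, with the anti-forgery token in the form body, so another
    // site cannot trigger the logout through a link or an image tag.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        // Name every cookie middleware registered in ConfigureAuth.
        AuthenticationManager.SignOut(
            DefaultAuthenticationTypes.ApplicationCookie,
            DefaultAuthenticationTypes.ExternalCookie);
        Session.Abandon();

        // User.Identity.IsAuthenticated is still true at this point: SignOut
        // only queues an expired cookie on the response. The principal of the
        // current request is unchanged, so check the result on the next one.
        return RedirectToAction("Login", "Account");
    }

    // Hypothetical diagnostic action: request it after LogOff
    // to see what the browser actually sent back.
    [AllowAnonymous]
    public ActionResult AuthState()
    {
        return Json(new
        {
            isAuthenticated = Request.IsAuthenticated,
            authCookiePresent = Request.Cookies[AuthCookie] != null
        }, JsonRequestBehavior.AllowGet);
    }
}
```

After a working logout, `AuthState` reports `false` for both fields; the breakpoint check inside the logout action itself cannot show this, because it runs before the response is sent.
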
Luminary・发光体
Reply #5 · 2019-06-19 01:05

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    LogoutPath = new PathString("/Account/SignOut"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

^^Set the "LogoutPath" in Startup.Auth.cs to whatever route you desire

做个烂人
Reply #6 · 2019-06-19 01:07

This seems to work well for me.

public ActionResult Logoff()
{
    HttpContext.Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
    HttpContext.Response.Cache.SetCacheability(HttpCacheability.NoCache);
    HttpContext.Response.Cache.SetNoStore();

    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    FormsAuthentication.SignOut();
    return RedirectToAction("Index", "Home");
}
淡お忘
Reply #7 · 2019-06-19 01:08

In this case you could also do the following: remove the [HttpPost] from your LogOff action and put [HttpGet] instead. You only need to pass the AntiForgeryToken. But the question will be whether this is a very secure way. More information is available here: Using MVC3's AntiForgeryToken in HTTP GET to avoid Javascript CSRF vulnerability

[HttpGet] 
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
     AuthenticationManager.SignOut();
     return RedirectToAction("Login", "Account");
}