我们的网站有时会决定您无法注销,大部分时间都可以注销。以下是此事的基本内容。我在远程服务器上使用Chrome和IE看到了这个问题,并使用VS进行了本地测试。它甚至决定成为一个问题足够长时间与本地测试尝试强制删除会话清除/放弃并将所有cookie日期设置为-1天。没有帮助。
请注意,一旦我执行F12并清除域的cookie,问题就会停止并且用户已注销。我已经更改了SignOut(...),因为你看到它并且没有变化。同样,这种情况有时候很难测试。
系统似乎无法从浏览器中删除Cookie,但我无法看到原因,并且使用不同的浏览器使其更不合理。
我知道这个链接,看起来很相似:Cannot logoff of identity MVC 5 application
建议尝试什么或在哪里看,谢谢。
Login
var user = await UserManager.FindAsync(model.Email, model.Password);
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true }, await user.GenerateUserIdentityAsync(UserManager));
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
return RedirectToAction("Index", "Home");
}
编辑: 寻找Chrome F12-Cookies。如果我只是删除.AspNet.ApplicationCookie并尝试导航我已登录。按下注销选项仍然不起作用。我发现cookie在14天后到期,日期不会改变。实际上似乎默认系统不是试图使cookie过期或者也不允许。这个源代码是否可用?
答案 0 :(得分:4)
I think I know what the problem is here - although I'm not sure how to fix it, such is the mess of documentation for asp.net identity sometimes ;(
I had exactly the same symptoms. The key issue is, do you use a SecurityStampValidator
that verifies and recreates (if needed) your cookie?
I do, and mine is set to validate very frequently (from my Startup.auth):
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User, int>(
validateInterval: TimeSpan.FromMinutes(1),
regenerateIdentityCallback: (manager, user) =>
{
return user.GenerateUserIdentityAsync(manager);
},
getUserIdCallback: id => (int.Parse(id.GetUserId()))
),
},
So assuming that you have similar code - how do you recreate. Simple - log in, hit a page on your app, then wait for the defined validateInterval to lapse - so for me, wait 1 minue. After 1 minute, log off. Boom. I'm not logged off.
Now, the issue here is that the GenerateUserIdentiyAsync method RECREATES your auth cookie, right after the signout has happened. I've verified that with logging - the _authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
in my LogOff action is happening, and then the cookie gets regenerated. Doh.
How to fix - well the obvious thing is to increase the validateInterval, but that impacts security - If someone is logged on to 2 computers, and changes their password, I'd like both accounts to be logged out pretty swiftly - which is what this does.
So, that's (probably) the cause. Sorry I can't offer a nice fix :(
答案 1 :(得分:0)
我遇到了同样的问题,一段时间后无法使用ASP.NET MVC 5和谷歌浏览器注销,并且刚刚在帖子中找到了解决方案:ASP.Net MVC 5 w/identity 2.2.0 Log off not working。这个问题现在已经解决了,但我需要再测试一下,因为它是间歇性问题。这篇文章中有人确认他们的问题也得到了解决。所以,试一试!