我已经在我的网络API控制器中实施了Login和Logout次操作
登录
[HttpPost]
[Route("Login")]
public IHttpActionResult LoginUser(LoginUserBindingModel model)
{
var request = HttpContext.Current.Request;
var tokenServiceUrl = request.Url.GetLeftPart(UriPartial.Authority) + request.ApplicationPath + "/Token";
using (var client = new HttpClient())
{
var requestParams = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", model.Username),
new KeyValuePair<string, string>("password", model.Password)
};
var requestParamsFormUrlEncoded = new FormUrlEncodedContent(requestParams);
var tokenServiceResponse = client.PostAsync(tokenServiceUrl, requestParamsFormUrlEncoded).Result;
var responseString = tokenServiceResponse.Content.ReadAsStringAsync().Result;
var responseCode = tokenServiceResponse.StatusCode;
if (responseCode != HttpStatusCode.OK) return BadRequest();
var responseMsg = new HttpResponseMessage(responseCode)
{
Content = new StringContent(responseString, Encoding.UTF8, "application/json")
};
//ApplicationUser user = UserManager.FindAsync("tester", "azerty123").Result;
ApplicationUser user = UserManager.FindByNameAsync(model.Username).Result;
if (user == null) return NotFound();
ClaimsIdentity oAuthIdentity = UserManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType).Result;
IDictionary<string, string> data = new Dictionary<string, string>
{
//{ "userName", "tester" }
{ "userName", model.Username }
};
AuthenticationProperties properties = new AuthenticationProperties(data);
AuthenticationManager.SignOut(properties);
AuthenticationManager.SignIn(properties);
Dictionary<string, object> account = JsonConvert.DeserializeObject<Dictionary<string, object>>(responseString);
return Ok(account);
}
}
注销
[Route("Logout")]
[Authorize]
public IHttpActionResult Logout()
{
AuthenticationManager.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
问题在于,当我登录应用程序时,我得到令牌以使用一些安全服务。当我退出时,令牌仍然可用,我仍然可以使用安全服务。
所以我需要知道: