Logout implementation in a Web API application

Time: 2016-05-19 10:16:00

Tags: c# .net asp.net-mvc-4 asp.net-web-api oauth

I have implemented Login and Logout actions in my Web API controller.

Login

    [HttpPost]
    [Route("Login")]
    public IHttpActionResult LoginUser(LoginUserBindingModel model)
    {
        var request = HttpContext.Current.Request;
        var tokenServiceUrl = request.Url.GetLeftPart(UriPartial.Authority) + request.ApplicationPath + "/Token";
        using (var client = new HttpClient())
        {
            var requestParams = new List<KeyValuePair<string, string>>
            {
                new KeyValuePair<string, string>("grant_type", "password"),
                new KeyValuePair<string, string>("username", model.Username),
                new KeyValuePair<string, string>("password", model.Password)
            };
            var requestParamsFormUrlEncoded = new FormUrlEncodedContent(requestParams);
            var tokenServiceResponse = client.PostAsync(tokenServiceUrl, requestParamsFormUrlEncoded).Result;
            var responseString = tokenServiceResponse.Content.ReadAsStringAsync().Result;
            var responseCode = tokenServiceResponse.StatusCode;
            if (responseCode != HttpStatusCode.OK) return BadRequest();
            var responseMsg = new HttpResponseMessage(responseCode)
            {
                Content = new StringContent(responseString, Encoding.UTF8, "application/json")
            };
            //ApplicationUser user = UserManager.FindAsync("tester", "azerty123").Result;

            ApplicationUser user = UserManager.FindByNameAsync(model.Username).Result;

            if (user == null) return NotFound();
            ClaimsIdentity oAuthIdentity = UserManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType).Result;
            IDictionary<string, string> data = new Dictionary<string, string>
            {
                //{ "userName", "tester" }
                { "userName", model.Username }
            };
            AuthenticationProperties properties = new AuthenticationProperties(data);

            AuthenticationManager.SignOut(properties);
            AuthenticationManager.SignIn(properties);

            Dictionary<string, object> account = JsonConvert.DeserializeObject<Dictionary<string, object>>(responseString);

            return Ok(account);
        }
    }

Logout

    [Route("Logout")]
    [Authorize]
    public IHttpActionResult Logout()
    {
        AuthenticationManager.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        return Ok();
    }

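The problem is that when I log in to the application, I get a token to use some secured services. When I log out, the token is still valid and I can still use the secured services.

So I need to know:

  1. What is the cause of this problem?
  2. How can I solve it?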

0 answers:

No answers
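
Added example, not part of the original post: an OWIN bearer token is self-contained and is validated without server-side state, so `SignOut` for the cookie authentication type leaves it usable until it expires. One way to make logout effective is a server-side deny-list checked on every bearer request; `RevokedTokenStore` and `RevocationAwareBearerProvider` are hypothetical names, and the in-memory store assumes a single server.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical in-memory deny-list; a multi-server deployment needs a shared store.
public static class RevokedTokenStore
{
    // Key: SHA-256 of the token, so raw tokens are never kept in memory here.
    // Value: the token's own expiry; entries past it can be purged by a cleanup job.
    static readonly ConcurrentDictionary<string, DateTimeOffset> Revoked =
        new ConcurrentDictionary<string, DateTimeOffset>();

    static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    public static void Revoke(string token, DateTimeOffset expiresUtc)
    {
        Revoked[Hash(token)] = expiresUtc;
    }

    public static bool IsRevoked(string token)
    {
        DateTimeOffset expiresUtc;
        return Revoked.TryGetValue(Hash(token), out expiresUtc)
            && expiresUtc > DateTimeOffset.UtcNow;
    }
}

// The bearer middleware calls this after it has decrypted a token and checked its expiry.
public class RevocationAwareBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task ValidateIdentity(OAuthValidateIdentityContext context)
    {
        string header = context.Request.Headers.Get("Authorization") ?? "";
        if (header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
            && RevokedTokenStore.IsRevoked(header.Substring(7).Trim()))
        {
            context.Rejected();          // request continues unauthenticated, so [Authorize] returns 401
            return Task.FromResult(0);
        }
        return base.ValidateIdentity(context);
    }
}
```

This assumes the bearer middleware is registered with this provider (for example through `OAuthBearerAuthenticationOptions.Provider` passed to `app.UseOAuthBearerAuthentication`) in place of the default one. The `Logout` action would then pass `Request.Headers.Authorization.Parameter` and the token's expiry time to `RevokedTokenStore.Revoke`.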