我有一个aspnet核心网站,带有cookie身份验证。 当我注销时,然后,当我点击浏览器的后退按钮时,我导航到最后一个网页,我不想要那个,我不想让用户重定向到登录页面进行身份验证试。
我的startup.cs
public void ConfigureServices(IServiceCollection services)
{
....
services.AddIdentity<ApplicationUser, ApplicationRole>(
config =>
{
config.User.RequireUniqueEmail = true;
config.SignIn.RequireConfirmedEmail = true;
config.Password.RequiredLength = 8;
config.Cookies.ApplicationCookie.LoginPath = "/Home/Login";
})
.AddEntityFrameworkStores<DbContext>()
.AddDefaultTokenProviders();
......
}
我的controller.cs
public class HomeController : Controller
{
.....
private readonly string _externalCookieScheme;
....
public HomeController(
.....
IOptions<IdentityCookieOptions> identityCookieOptions,
.....)
{
....
_externalCookieScheme = identityCookieOptions.Value.ExternalCookieAuthenticationScheme;
....
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> Login()
{
// Clear the existing external cookie to ensure a clean login process
await HttpContext.Authentication.SignOutAsync(_externalCookieScheme);
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> LogOff()
{
await HttpContext.Authentication.SignOutAsync(_externalCookieScheme); //don´t remove the cookie
_logger.LogInformation(4, "User logged out.");
return RedirectToAction(nameof(HomeController.Login), "Home");
}
}
我在这里缺少什么?
最好的问候。
jolynice
答案 0 :(得分:2)
您需要设置Cache-Control标头。对于单个页面或控制器,您可以像这样设置标题:
[ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
如果不起作用,请确保未覆盖标题。您可以在我的博文中找到详细说明:How To Prevent the Back Button after Logout in ASP.NET Core MVC。
答案 1 :(得分:0)
确保在Logout操作方法中调用HttpContext.SignoutAsync()方法(使用正确的重载)。在此之后,如果按后退按钮,您将被重定向到登录