ServiceStack:注销不会删除会话,因此请求经过身份验证的服务仍然有效

时间:2018-09-20 07:11:59

标签: c# .net servicestack

我已经实现了自定义的CredentialsAuthProvider。登录正常。登录之前,我无法调用任何需要身份验证的服务。但是登录后,我确实有权调用这些服务。即使我这样拨打登出电话:

_jsonServiceClient.Get(new Authenticate
{
    provider = "logout"
});

我可以打电话给那些服务。

当前,我没有在自定义AuthUserSession类上覆盖'OnLogout'。所请求的服务确实具有[Authenticate]属性。在添加我的AuthFeature插件时,我设置了DeleteSessionCookiesOnLogout = true

这是我当前用来测试它的代码:

var x = new JsonServiceClient("http://localhost:55776");

//Authenticate
x.Get(new Authenticate
{
    provider = CredentialsAuthProvider.Name,
    UserName = "admin",
    Password = "mypw",
    RememberMe = true
});

//Requesting service that required authentication: Works!
await x.GetAsync(new SyncServiceTimeRequest());

//Logout
x.Get(new Authenticate
{
    provider = "logout"
});

//Requesting service that required authentication: Still works!
await x.GetAsync(new SyncServiceTimeRequest());

这是我的AuthFeature 

var authFeature = new AuthFeature
(
    container.Resolve<IEnigmaUserSession>,
    new IAuthProvider[]
    {
        new EnigmaCredentialsProvider(container.Resolve<EnigmaContext>(), container.Resolve<IEnigmaUserRepository>(), container.Resolve<ILogClient>())
        {
            SessionExpiry = TimeSpan.FromDays(1)
        },
        new JwtAuthProvider(this.AppSettings)
        {
            AuthKeyBase64 = this.Settings.ApplicationConfiguration.JwtBaseKey,
            RequireSecureConnection = false,
            ExpireTokensIn = TimeSpan.FromDays(1),
            ExpireRefreshTokensIn = TimeSpan.FromDays(14)
        }
    }
)
{ IncludeAssignRoleServices = false, DeleteSessionCookiesOnLogout = true};

为什么注销后我的会话仍然存在?我想念什么?

更新:我现在使用HttpJsonClient(来自ServiceStack),并使用Fiddler检查原始标头。这是我的注销请求的结果:

this

UPDATE2: 注销前的请求标头如下:

enter image description here

注销后看起来像这样

enter image description here

UPDATE3:

public override bool IsAuthorized(string provider)
{
    var authProvider = AuthenticateService.GetAuthProvider(provider);
    return authProvider.IsAuthorized(this, null);
}

0 个答案:

没有答案
相关问题
最新问题