Question

当我尝试登出我使用gmail授权的应用程序时 User.Identity.IsAuthenticated始终始终为true 这是我的

代码

public  IActionResult LogOff()
{
    HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

    return Challenge(new AuthenticationProperties { RedirectUri = "/Home/Index/" },
        "Google");
}

我的启动代码

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<RouteOptions>(options =>
    {
        options.LowercaseUrls = true;
        options.AppendTrailingSlash = true;
    });

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.LoginPath = "/Log/Outh/";
            options.LogoutPath = "/Log/LogOff/";
        })
        .AddGoogle(options =>
        {
            options.ClientId = Configuration["Logging:GoogleCredintial:ClientID"];
            options.ClientSecret = Configuration["Logging:GoogleCredintial:ClientSecret"];
            options.CallbackPath = "/Log/Outh";
        });

    services.AddMvc();
    services.AddMemoryCache();
}

Answer 1

Google不支持第三方退出。您将只能使用自己的系统从用户的Google帐户中注销。用户将需要转到Google并在那里注销。

我发现做到这一点的唯一方法是删除cookie

// Force delete the authentication cookie(s) we created when user signed in
if (HttpContext.Request.Cookies[".AspNetCore.MyCookie"] != null)
   {
    var siteCookies = HttpContext.Request.Cookies.Where(c => c.Key.StartsWith("AspNetCore.MyCookie"));
    foreach (var cookie in siteCookies)
       {
        Response.Cookies.Delete(cookie.Key);
       }
    }

SignOutAsync使我的User.Identity.IsAuthenticated仍然为真

1 个答案: