我有配置这样的OAuth登录时的WebAPI:WebAPI OAuth注销 - 如何删除令牌Cookie?
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = "https://www.microsoft.com/",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
}
});
,并登录使用
config.Filters.Add(new System.Web.Http.AuthorizeAttribute());
我现在想添加一个名为LogoutController的ApiController(猜它做什么)强制执行所有控制器。
I have found that I can logout from MVC使用
System.Web.Security.FormsAuthentication.SignOut();
但我不从的WebAPI注销的方式。我还没有找到任何信息如何从WebAPI注销。但我发现,there may be a bug in logout procedure, the cookie is kept and has to be removed manually,但随后,该代码是MVC一遍,它好像我不能得到一个HttpCookie
进入我HttpResponseMessage
对象:我怎样才能做到这一点我的WebAPI被注销
[HttpGet]
public HttpResponseMessage Logout()
{
FormsAuthentication.SignOut();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
var response = Request.CreateResponse(HttpStatusCode.OK);
response.Content = new StringContent("<html><title>Logout successful</title><body style=\"font-family:sans-serif\"><div style=\"display:table; width:100%; height:100%; margin:0; padding:0; \"><div style=\"display:table-cell; vertical-align:middle; text-align:center;\">You have been successfully logged out.<br>You can close this window/tab now.</div></div></body></html>");
response.Headers.AddCookies(cookie1); // Types don't match
return response;
}
并且在我登录之前需要再次完成OAuth?