【发布时间】:2018-08-24 06:29:09
【问题描述】:
我正在创建 web api 项目,默认情况下它有帐户控制器,我在其中找到了 Register、Logout 和其他 api。 使用 Web API 2、OAuth 和 OWIN
通过 /token 我生成了不记名令牌和他的过期时间,存储在 OWIN Cookie 身份验证中。
我的问题是:-
- 如何在用户注销时删除此令牌,因为在使用注销服务后,我仍然可以调用带有 [Authorize] 修饰的列表数据
- 我可以将它存储在数据库中并验证它,当用户注销时删除它
退出代码如下
// POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
// Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return ok();
}
我的 /token 代码如下
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true
};
}
【问题讨论】:
标签: asp.net-mvc authentication asp.net-web-api owin restful-authentication