IdentityServer4 + ASP.NET Identity 无法删除cookie 导致客户端无限自动登录
Yes, when you‘re using ASP.NET Identity they wire up internally their own cookie scheme, so you need to use their API to revoke their cookie as well.
当您使用ASP.NET Identity时,它们在内部连接了他们自己的cookie方案,因此您也需要使用他们的API来撤消他们的cookie。
if you are using the Quickstart UI AND leveraging ASP.NET Core Identity, you‘ll want to swap a line in the Logout action method of the IdentityServer implementation:
如果您使用快速入门UI并利用ASP.NET Core Identity,则需要在IdentityServer实现的Logout操作方法中交换一行
[HttpPost] [ValidateAntiForgeryToken] public async Task<IActionResult> Logout(LogoutFormModel model) { // build a model so the logged out page knows what to display var vm = await BuildLoggedOutViewModelAsync(model.LogoutId); if (User?.Identity.IsAuthenticated == true) { // delete local authentication cookie //await HttpContext.SignOutAsync(); // <-- replace this line await _signInManager.SignOutAsync(); // <-- with this one // raise the logout event await _events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName())); } return View("LoggedOut", vm); }
已成功删除