问题
I am using Windows Identity foundation to manage login to our site.
When a user logs in i am using some information in his request to put into the claims. It is all working fine, but now I need to manage this scenario:
- user is already logged in, athenticated and has a valid token.
- But user decides to browses in again (via a redirect from another site)
- So his information in his request is different.
- I want to either
- Sign him out - so that he naturally creates a new token with his new information
- OR update his existing token.
So my question is:
- How do i Sign out of Windows Identity foundation?
- Or How do I update the existing claims?
I have tried this code:
public void ExpireClaims(HttpContextBase httpContextBase)
{
var module =
httpContextBase.ApplicationInstance.Modules["WSFederationAuthenticationModule"] as
WSFederationAuthenticationModule;
if (module == null)
{
return;
}
module.SignOut(true);
}
But module is alway null.
and i tried this:
public void FederatedSignOut(string replyUrl)
{
WSFederationAuthenticationModule.FederatedSignOut(null, new Uri(replyUrl));
}
But i get a null reference execption when i do this.
Thanks very much.
回答1:
Essentially sign-out is just deleting the cookie so:
FormsAuthentication.SignOut
or
FederatedAuthentication.SessionAuthenticationModule.SignOut
or
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie
will work.
Or use the FederatedPassiveSignInStatus (should be in your Toolbox). Set the property SignOutAction to FederatedSignOut and the control will clear out your STS session as well.
来源:https://stackoverflow.com/questions/8037598/windows-identity-foundation-sign-out-or-update-claims