I have Asp.net Core Identity version 2.0 Set up and running. I am finding that _signinManager.SignoutAsync is not logging out user once they have signed in with Google. When I go back to my Login Method it just shows the User as logged in with their Claims object still intact.
The code is really simple as below
[AllowAnonymous]
public ActionResult TestGoogle()
{
var redirectUrl = Url.Action(nameof(ExternalCallback), "Account", new { ReturnUrl = "" });
var properties = _signInManager.ConfigureExternalAuthenticationProperties("Google", redirectUrl);
return Challenge(properties, "Google");
}
public async Task<IActionResult> LogOff()
{
await _signInManager.SignOutAsync();
return RedirectToAction(nameof(HomeController.Index), "Home");
}
The problem is that your RedirectToAction overwrites the redirect to the Identity Server endsession URL that SignOutAsync issues.
As for SignOutAsync, what is obsolete is the Authentication portion -- as of ASP.NET Core 2.0 it's an extension directly off HttpContext itself.
(The same explanation for the same signout problem is given here by Microsoft's HaoK.)
Edit: The solution is to send a redirect URL in an AuthenticationProperties object with the final SignOutAsync:
// in some controller/handler, notice the "bare" Task return value
public async Task LogoutAction()
{
// SomeOtherPage is where we redirect to after signout
await MyCustomSignOut("/SomeOtherPage");
}
// probably in some utility service
public async Task MyCustomSignOut(string redirectUri)
{
// inject the HttpContextAccessor to get "context"
await context.SignOutAsync("Cookies");
var prop = new AuthenticationProperties()
{
RedirectUri = redirectUri
};
// after signout this will redirect to your provided target
await context.SignOutAsync("oidc", prop);
}
Just the first line solved my issue.
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await _SignInManager.SignOutAsync();
HttpContext.Response.Cookies.Delete(".AspNetCore.Cookies");
来源:https://stackoverflow.com/questions/46131517/asp-net-core-identity-2-0-signoutasync-is-not-logging-out-user-if-the-user-signe