如何在OWIN ASP.NET MVC5中注销用户

Question

我有一个ASP.NET MVC5项目的标准AccountController类. 当我尝试注销用户,我面临的一个错误堂妹HttpContext是null.(我的意思是HttpContext.GetOwinContext().身份验证为空)

所以当会话结束时我无法了解如何注销用户...

在global.asax我有这个

protected void Session_Start(object sender, EventArgs e)
{
     Session.Timeout = 3; 
}

protected void Session_End(object sender, EventArgs e)
{
            try
            {
                 var accountController = new AccountController();
                 accountController.SignOut();
            }
            catch (Exception)
            {
            }
}

的AccountController

public void SignOut()
{
      // Even if I do It does not help coz HttpContext is NULL
      _authnManager = HttpContext.GetOwinContext().Authentication;    

    AuthenticationManager.SignOut();


}

private IAuthenticationManager _authnManager;  // Add this private variable


public IAuthenticationManager AuthenticationManager // Modified this from private to public and add the setter
{
            get
            {
                if (_authnManager == null)
                    _authnManager = HttpContext.GetOwinContext().Authentication;
                return _authnManager;
            }
            set { _authnManager = value; }
}

Startup.Auth.cs 有

 public void ConfigureAuth(IAppBuilder app)
        {
            // Enable the application to use a cookie to store information for the signed in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                ExpireTimeSpan = TimeSpan.FromMinutes(3),
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login")
            });
}

Answer 1

假设您使用ApplicationCookie存储登录信息.

AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

Answer 2

对Session_End()的调用导致异常.这完全是预期的,因为你不能简单地创建new AccountController(),调用accountController.SignOut()并期望它工作.这个新的控制器没有连接到MVC管道 - 它没有HttpContext和其他所有要求都能够工作.

您应该将用户注销以响应他们所做的请求.使用个人帐户身份验证创建新的MVC项目.打开AccountController并查看LogOff()方法:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        AuthenticationManager.SignOut();
        return RedirectToAction("Index", "Home");
    }

这AuthenticationManager.SignOut()将在/ Account/LogOff响应POST请求时执行.每当这样的请求到达时,ASP.NET/MVC将创建一个AccountController实例并正确初始化它.之后,将调用LogOff方法,您可以在其中实际执行AuthenticationManager.SignOut();.

此外,默认情况下,带有Identity的ASP.NET/MVC应用程序在代码的Helpers区域中声明AuthenticationManager,如下所示:

private IAuthenticationManager AuthenticationManager { get { return HttpContext.GetOwinContext().Authentication; } }

希望这可以帮助.

Answer 3

为此，您需要定义一个 ActionFilter 属性，并且需要将用户重定向到相应的控制器操作。您需要检查会话值，如果为空，则需要重定向用户。这是下面的代码（您也可以访问我的博客了解详细步骤）：

public class CheckSessionOutAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower().Trim();
            string actionName = filterContext.ActionDescriptor.ActionName.ToLower().Trim();

            if (!actionName.StartsWith("login") && !actionName.StartsWith("sessionlogoff"))
            {
                var session = HttpContext.Current.Session["SelectedSiteName"];
                HttpContext ctx = HttpContext.Current;
                //Redirects user to login screen if session has timed out
                if (session == null)
                {
                    base.OnActionExecuting(filterContext);


                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
                    {
                        controller = "Account",
                        action = "SessionLogOff"
                    }));

                }
            }

        }

    }
}