我使用Owin通过Google oAuth进行授权.以下是我的cookie配置方式:
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Authentication/Login")
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
所以我正在使用UseCookieAuthentication和UseExternalSignInCookie,这似乎是多余的.我应该为IAuthenticationManager方法(SignIn,SingOUt等)指定这两种AuthenticationType中的哪一种?或者我应该只保留其中一个?
更新.让我最困惑的是SignIn方法:
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
所以来自ExternalCookie的注销,但在ApplicationCookie中有迹象.
为什么这个示例在使用ApplicationCookie登录之前调用SignOut for ExternalCookie?它只是确保身份验证信息干净的一种方法吗?(完整的例子在这里:http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity)
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(
user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(
new AuthenticationProperties() {
IsPersistent = isPersistent
}, identity);
}