我有一个带有 OAuth 登录配置的 WebAPI,如下所示:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = "https://www.microsoft.com/",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("/Error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
}
});
并强制所有控制器使用登录
config.Filters.Add(new System.Web.Http.AuthorizeAttribute());
我现在想添加一个名为 LogoutController 的 ApiController(猜猜它是做什么的)。
我发现我可以从 MVC 注销 using
System.Web.Security.FormsAuthentication.SignOut();
但我没有以这种方式从 WebAPI 注销。我没有找到任何如何从 WebAPI 注销的信息。但我发现注销过程中可能存在错误,cookie 会被保留,必须手动删除,但是,代码又是MVC了,好像拿不到HttpCookie
进入我的HttpResponseMessage
object:
[HttpGet]
public HttpResponseMessage Logout()
{
FormsAuthentication.SignOut();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
var response = Request.CreateResponse(HttpStatusCode.OK);
response.Content = new StringContent("<html><title>Logout successful</title><body style=\"font-family:sans-serif\"><div style=\"display:table; width:100%; height:100%; margin:0; padding:0; \"><div style=\"display:table-cell; vertical-align:middle; text-align:center;\">You have been successfully logged out.<br>You can close this window/tab now.</div></div></body></html>");
response.Headers.AddCookies(cookie1); // Types don't match
return response;
}
如何实现我的 WebAPI 已注销并且需要在登录之前再次完成 OAuth?