Comments (12)
Hi, this package uses Microsoft.AspNetCore.Identity version 2.1.6 that does not have the latest changes regarding IdentityServer.
To sign out you should be able to use the SignInManager.SignOutAsync() method.
You can look at the usage of the package in the MVC sample here:
https://github.com/alexandre-spieser/AspNetCore.Identity.MongoDbCore/tree/master/sample/MongoIdentitySample.Mvc/Controllers
    //
    // POST: /Account/LogOff
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> LogOff()
    {
        await _signInManager.SignOutAsync();
        _logger.LogInformation(4, "User logged out.");
        return RedirectToAction(nameof(HomeController.Index), "Home");
    }
from aspnetcore.identity.mongodbcore.
Thanks for getting back to me. Have you tried to open multiple tabs in your browser and sign out from one of them? Do the other tabs log off as well? I say that because that's the issue I'm facing right now.
My log out looks like this:
    /// <summary>
    /// Show logout page
    /// </summary>
    [HttpGet]
    public async Task<IActionResult> Logout(string logoutId)
    {
        var logoutContext = await _interaction.GetLogoutContextAsync(logoutId);
        await _signInManager.SignOutAsync();
        return Redirect(logoutContext.PostLogoutRedirectUri);
    }
from aspnetcore.identity.mongodbcore.
The action in the MVC sample is a post, yours is a get. Not sure about what the _interaction dependency does.
Feel free to start the sample MVC app and check if this works.
Once again, this package does not use identity server.
The token provider used by Identity in this package is not IdentityServer.
The SignInManager.SignOutAsync() method does:
    /// <summary>
    /// Signs the current user out of the application.
    /// </summary>
    public virtual async Task SignOutAsync()
    {
        await Context.SignOutAsync(IdentityConstants.ApplicationScheme);
        await Context.SignOutAsync(IdentityConstants.ExternalScheme);
        await Context.SignOutAsync(IdentityConstants.TwoFactorUserIdScheme);
    }
from aspnetcore.identity.mongodbcore.
@CarlosTorrecillas You cannot have different sessions in different browser tabs/instances. Authentication works based on cookies and they provide the same info browser-wide.
This means if you log in, all browser tabs are logged in, and the same if you log out. So logoutId won't help.
One solution might be JWT based authentication and not even storing the token in cookies or localStorage. You can save the token in window.token for instance.
from aspnetcore.identity.mongodbcore.
Ok - I understand that. What I would have imagined then is that, if I log out in one of the tabs, then the other one would also be "logged-out" if that makes sense, but it's not the case. For some reason the user is still able to run authenticated actions. Does that make sense?
I'm using the oidc-client on an Angular app with pretty much the standard configuration.
If you check out the Stack Overflow link I pasted I think I have JWT configuration right?
from aspnetcore.identity.mongodbcore.
As far as I know oidc-client works in two modes: localStorage and sessionStorage. It depends on your configuration. If you are on localStorage then logging out in a tab logs out everywhere else. But if you are on sessionStorage mode, only one tab logs out (you don't even need to log out, closing the browser tab is enough).
More on localStorage and sessionStorage:
https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage
oidc-client's behavior is set to sessionStorage by default:
https://github.com/IdentityModel/oidc-client-js/blob/8848a6c58bbc41342e11888df2eb44ad117da94a/src/UserManagerSettings.js#L35
from aspnetcore.identity.mongodbcore.
If it's token based authentication stored in a cookie, you're better off writing middleware that expires your session simply by taking the specific cookie and making it expire.
In https://github.com/IdentityServer/IdentityServer4.Quickstart.UI/blob/master/Quickstart/Account/AccountController.cs the method:
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout(LogoutInputModel model)
clears the cookie like so:
    if (User?.Identity.IsAuthenticated == true)
    {
        // delete local authentication cookie
        await HttpContext.SignOutAsync();
        // raise the logout event
        await _events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName()));
    }
HttpContext.SignOutAsync(); is probably an extension from the IdentityServer package.
You cannot rely on the Identity package to clear cookies it has not created.
from aspnetcore.identity.mongodbcore.
In addition to my previous comment, in sessionStorage you will need to log-in for each tab separately.
from aspnetcore.identity.mongodbcore.
If you're set on using IdentityServer and it's not supported by MS Identity then you must handle the token management yourself.
I am using OpenIdConnectServer as a token provider in my personal projects, and I just use AspNetCore.Identity.MongoDbCore to do the user management, not the session management.
from aspnetcore.identity.mongodbcore.
Right, you may not mix a client-side library with server-side auth.
I believe the best solution is to use oidc-client with a web-api project with a token based auth.
Alternately, you can get rid of oidc-client and use the Startup.Configure function to disable cookie auth and use a sessionStorage thing. It might need to write a middleware.
from aspnetcore.identity.mongodbcore.
Hi @alexandre-spieser @xclud , I managed to expire all active sessions on different tabs eventually. When you sign out there is an event fired and the OIDC client picks it up. You can then add a handler to it to sign out automatically and that would do it:
    this.manager.events.addUserSignedOut(() => {
        this.signOut();
    });
Simply like that! I have faced anti forgery token issues later on when trying to log in multiple times from different tabs but I think I got that resolved too.
Many thanks for the help!!!
from aspnetcore.identity.mongodbcore.
Glad you could make it work.
I'm closing this issue.
from aspnetcore.identity.mongodbcore.
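The two behaviours discussed in this thread (per-tab sessionStorage versus shared localStorage, and a signed-out handler that clears the other tabs), as an added example that is not part of the original comments and is not oidc-client code. `Origin`, `Tab` and `scenario` are hypothetical names for a constructed in-memory model of same-origin tabs, and the tokens are constructed sample values.

```javascript
// Constructed model of same-origin tabs; not a real browser and not oidc-client code.
class Origin {
  constructor() { this.local = new Map(); this.tabs = []; }
  openTab(store, onSignedOut) {
    const tab = new Tab(this, store, onSignedOut);
    this.tabs.push(tab);
    return tab;
  }
  // Stands in for the identity provider session ending: every other tab that
  // registered a signed-out handler is notified.
  endSession(source) {
    for (const t of this.tabs) if (t !== source && t.onSignedOut) t.onSignedOut(t);
  }
}

class Tab {
  constructor(origin, store, onSignedOut) {
    this.origin = origin;
    this.onSignedOut = onSignedOut;
    // "local" shares one Map across tabs; "session" gives each tab its own.
    this.storage = store === "local" ? origin.local : new Map();
  }
  signIn(token) { this.storage.set("user", token); }
  removeUser() { this.storage.delete("user"); }
  signOut() { this.removeUser(); this.origin.endSession(this); }
  // The app attaches a bearer token only while a user is in this tab's store.
  canCallApi() { return this.storage.has("user"); }
}

// Tab A and tab B sign in, A signs out; report whether each can still call the API.
function scenario(store, onSignedOut) {
  const origin = new Origin();
  const a = origin.openTab(store, onSignedOut);
  const b = origin.openTab(store, onSignedOut);
  a.signIn("constructed-token-a");
  b.signIn("constructed-token-b");
  a.signOut();
  return { a: a.canCallApi(), b: b.canCallApi() };
}

const results = {
  sessionNoHandler: scenario("session"),   // tab B keeps its token
  localNoHandler: scenario("local"),       // shared store: both tabs lose it
  sessionWithHandler: scenario("session", (tab) => tab.removeUser()),
};
console.log(results);
```

Removing the stored user only stops that tab from sending the token; a self-contained JWT that was already issued remains acceptable to the API until it expires.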