英文:

HttpContext SignOutAsync inconsistency

问题 {#heading}

我有一个登录功能，用户通过他们的Microsoft帐户登录网站。

使用HttpContext类，我尝试使用SignOutAsync注销用户。我遇到的问题是，在Edge浏览器中这样做可以正常工作，但当我尝试在Chrome和Firefox的私人窗口中注销时，它并不会让我退出登录。

我尝试了不同的SignOutAsync重载，比如将CookieAuthenticationDefaults.AuthenticationScheme和OpenIdConnectDefaults.AuthenticationScheme传递进去，期望这能解决问题，但结果并没有如此。

如果需要更多细节来帮助解决问题，我可以提供更多信息。 英文:

I have a login function where the user logs in the website through their Microsoft account.

Using the HttpContext class, I am trying to sign out the user with SignOutAsync. The problem I come across is that it works when I do it in Edge, but when I try to sign out in a private window, in chrome, and in firefox, it doesn't sign me out.

[HttpGet("Logout")]
public async Task<IActionResult> Logout()
{
	await this.HttpContext.SignOutAsync();
	return RedirectToAction("Login", "Account");
}

\[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)\]
\[HttpGet(\"Login\")\]
public async Task\<IActionResult\> Login()
{


    return Redirect(this.homepageLink);



`}
`

I have tried to different overloads of SignOutAsync, such as putting CookieAuthenticationDefaults.AuthenticationScheme, and OpenIdConnectDefaults.AuthenticationScheme, expecting it to fix the problem, but that did not end up happening.

I can provide more details if I am missing any that could help fix this.

答案1 {#1}

得分: 1

根据您的设置，您需要确保注销所有不同的模式。以下是我使用的示例。首先删除cookie，然后使用OIDC的已知功能通过重定向到我的SSO应用程序执行全局注销。如果您使用OIDC，这将在客户端上不需要任何额外的代码。

public IActionResult Logout() => SignOut("Cookies", "oidc");

英文:

Depending on your setup, you need to make sure you sign out of all of the different schemas you are using. This is an example of what I use. It first deletes the cookie, and then uses the well-known functionality of OIDC to perform a global logout by redirecting to my SSO application. If you use OIDC, this works without any additional code on your client.

public IActionResult Logout() => SignOut("Cookies", "oidc");