The logout function is not working in my app, i.e. after logging out, the functions are still logged in without authentication, but these functions are authorize and need to reauthenticate. My project is written with asp.net Core v5 :please help me codes in Startup.cs:
namespace ERP
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
#region Authenication
services.AddAuthentication()
.AddCookie("ProvinceArea", options =>
{
options.Cookie.Name = "ProvinceArea";
options.LoginPath = "/PLogin";
options.LogoutPath = "/PLogout";
options.ExpireTimeSpan =TimeSpan.FromHours(12);
}).AddCookie("CountyArea", options =>
{
options.Cookie.Name = "CountyArea";
options.LoginPath = "/CLogin";
options.LogoutPath = "/CLogout";
options.ExpireTimeSpan = TimeSpan.FromHours(12);
}).AddCookie("DistrictArea", options =>
{
options.Cookie.Name = "DistrictArea";
options.LoginPath = "/DLogin";
options.LogoutPath = "/DLogout";
options.ExpireTimeSpan = TimeSpan.FromHours(12);
});
#endregion
#region Db Context
services.AddDbContext<ERPContext>(options =>
{ options.UseSqlServer("Data Source =.;Initial Catalog=ERP_DB;Integrated Security=true"); });
#endregion
#region IOC
services.AddTransient<IManagementService, ManagementService>();
#endregion
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "areas",
pattern: "{area:exists}/{controller=Home}/{action=Index}/{id?}"
);
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
}
}
codes in login and logout functions:
[Route("PLogin")]
public IActionResult PLogin()
{
return View();
}
[HttpPost]
[Route("PLogin")]
public IActionResult PLogin(LoginViewModel login)
{
if (!ModelState.IsValid)
{
return View(login);
}
var user = _ManagementService.PLoginUser(login);
if (user != null)
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier,user.nationalCode.ToString()),
new Claim("nationalCode",user.nationalCode.ToString()),
new Claim("fName",user.fName.ToString()),
new Claim("lName",user.lName.ToString()),
new Claim("department",user.department.ToString()),
new Claim("role",user.role.ToString())
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
HttpContext.SignInAsync("ProvinceArea", principal);
ViewBag.IsSuccess = true;
return View(login);
}
ModelState.AddModelError("nationalCode", "کاربری با مشخصات وارد شده یافت نشد");
return View(login);
}
#endregion
#region Logout
//تابع خروج
[Route("PLogout")]
public IActionResult PLogout()
{
HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
return Redirect("/PLogin");
}
#endregion
codes in authorize:
namespace ERP.Areas.ProvinceArea.Controllers
{
[Area("ProvinceArea")]
[Authorize(AuthenticationSchemes = "ProvinceArea")]
public class HomeController : Controller
{
You passed a wrong scheme into HttpContext.SignOutAsync() method.
Try modify CookieAuthenticationDefaults.AuthenticationScheme to "ProvinceArea"