
How to logout in Web Api layer? #2566


lcyhjx created

Hi, what I expected is:

1. Call /api/account/Authenticate to get a token.
2. Use the token to call an authorized API service.
3. Log out.
4. Use the original token to call an authorized API service, expecting to get a ‘not login’ error.

Currently, step 1 and step 2 work fine. For logout, I added a new action in AccountController in the Web API layer:

        private IAuthenticationManager AuthenticationManager => Request.GetOwinContext().Authentication;

        [HttpPost]
        [ActionName("Logout")]
        public AjaxResponse Logout()
        {
            AuthenticationManager.SignOut();
            return new AjaxResponse();
        }

But when I tested it, after calling the logout service and then executing step 4, the call still succeeded and I did not get the ‘not login’ error. Does anyone know what the issue is and how to fix it?


5 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    Are you asking this for an external application? If so, you can remove the token in your application; you don't need to call the web API for that.

    Or did I understand it wrongly?

  • lcyhjx created

    Hi ismcagdas, your understanding is right, and thanks for your good solution.
    Thanks! I am still wondering whether and how I can log out on the service side directly, such as by making the token fail.

  • lcyhjx created

    I also did research through Google, but most results are about how to get a token and use a token. I did not find out how to make a token fail manually. I did a demo by following this article, but still did not find a feature for making a token fail manually: http://bitoftech.net/2014/06/09/angularjs-token-authentication-using-asp-net-web-api-2-owin-asp-net-identity/

  • ismcagdas created
    Support Team

    Hi,

    There are some offered ways (http://stackoverflow.com/questions/21978658/invalidating-json-web-tokens), but they require custom work and ABP does not support them.

    That's why I suggested that you remove it from the client app.
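
One common form of the custom work mentioned above is a server-side denylist of revoked token ids that is checked on every request. This is an added example, not code from this thread or from ABP: `TokenInfo`, `RevokedTokenStore` and `BearerValidator` are hypothetical names, and it assumes each token carries a unique id and an expiry that the server can read after validating it.

```csharp
using System;
using System.Collections.Concurrent;

// Hypothetical types for illustration; not ABP or OWIN APIs.
public sealed class TokenInfo
{
    public string Id { get; set; }                // unique id put into the token when it is issued
    public DateTimeOffset ExpiresAt { get; set; } // expiry carried by the token
}

public sealed class RevokedTokenStore
{
    private readonly ConcurrentDictionary<string, DateTimeOffset> _revoked =
        new ConcurrentDictionary<string, DateTimeOffset>();

    // Called from the logout action: remember the id until the token would expire anyway.
    public void Revoke(TokenInfo token) => _revoked[token.Id] = token.ExpiresAt;

    public bool IsRevoked(string tokenId, DateTimeOffset now)
    {
        // Expired tokens are rejected on their own, so their entries can be dropped.
        foreach (var entry in _revoked)
            if (entry.Value <= now) _revoked.TryRemove(entry.Key, out _);
        return _revoked.ContainsKey(tokenId);
    }
}

public static class BearerValidator
{
    // Runs on every request, after the token's signature or protection check has passed.
    public static bool IsAccepted(TokenInfo token, RevokedTokenStore store, DateTimeOffset now) =>
        token.ExpiresAt > now && !store.IsRevoked(token.Id, now);
}

public static class Demo
{
    public static void Main()
    {
        var store = new RevokedTokenStore();
        var now = DateTimeOffset.UtcNow;
        // Constructed sample token, standing in for the one issued in step 1.
        var token = new TokenInfo { Id = Guid.NewGuid().ToString("N"), ExpiresAt = now.AddHours(1) };

        Console.WriteLine("Step 2, before logout: accepted = " + BearerValidator.IsAccepted(token, store, now));
        store.Revoke(token); // step 3: logout
        Console.WriteLine("Step 4, after logout:  accepted = " + BearerValidator.IsAccepted(token, store, now));
    }
}
```

An in-memory store only covers a single server process; with several instances the revoked ids have to live in a shared store that every instance checks.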

  • lcyhjx created

    Thanks so much.