Hi,

What I expected is:

1. Call /api/account/Authenticate to get a token
2. Use the token to call an authorized API service
3. Log out
4. Use the original token to call an authorized API service, expecting to get a ‘not login’ error

Currently, step 1 and step 2 work fine. For logout, I added a new action in AccountController in the Web API layer:
    private IAuthenticationManager AuthenticationManager => Request.GetOwinContext().Authentication;

    [HttpPost]
    [ActionName("Logout")]
    public AjaxResponse Logout()
    {
        AuthenticationManager.SignOut();
        return new AjaxResponse();
    }
But when I tested, after calling the logout service and then executing step 4, the call still succeeded and I did not get the ‘not login’ error. Does anyone know what the issue is and how to fix it?
5 Answer(s)
-
0
Hi,
Are you asking this for an external application? If so, you can remove the token in your application; you don't need to call the Web API for that.
Or did I understand it wrongly?
-
0
Hi ismcagdas, Your understanding is right, and thanks for your good solution.
Thanks! I am still thinking about whether and how to log out on the service side directly, such as by making the token fail.
-
0
I also did research through Google, but most results are about how to get a token and use a token. I did not find out how to make a token fail manually. I did a demo by following this article, but still did not find a feature for making a token fail manually: http://bitoftech.net/2014/06/09/angularjs-token-authentication-using-asp-net-web-api-2-owin-asp-net-identity/
-
0
Hi,
There are some suggested ways (http://stackoverflow.com/questions/21978658/invalidating-json-web-tokens), but they require custom work and ABP does not support it.
That's why I suggested that you remove it from the client app.
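The "custom work" mentioned in this answer usually means a server-side revocation list. The sketch below is an added example, not part of the thread and not ABP's own code: a bearer token is self-contained, so `SignOut()` leaves the server nothing to invalidate unless each token carries an id that the server can deny until the token expires. The names `RevokedTokenStore`, `TokenIdClaim` and `RevocationAwareBearerProvider` are hypothetical, and the sketch assumes a unique `token_id` claim is added to the identity when the token is issued.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical in-memory denylist; a web farm needs a shared store instead.
public static class RevokedTokenStore
{
    // Assumption: a unique value is stored under this claim when the token is issued.
    public const string TokenIdClaim = "token_id";

    // token id -> latest time the token could still be valid
    private static readonly ConcurrentDictionary<string, DateTimeOffset> Revoked =
        new ConcurrentDictionary<string, DateTimeOffset>();

    // Call from the Logout action with the caller's identity and the
    // configured maximum access-token lifetime (an upper bound on expiry).
    public static bool RevokeCurrent(ClaimsIdentity identity, TimeSpan maxTokenLifetime)
    {
        Claim id = identity?.FindFirst(TokenIdClaim);
        if (id == null) return false;
        Revoked[id.Value] = DateTimeOffset.UtcNow + maxTokenLifetime;
        return true;
    }

    public static bool IsRevoked(string tokenId, DateTimeOffset nowUtc)
    {
        // Drop entries whose tokens have expired anyway, so the list stays small.
        foreach (var entry in Revoked)
        {
            DateTimeOffset ignored;
            if (entry.Value <= nowUtc) Revoked.TryRemove(entry.Key, out ignored);
        }
        return Revoked.ContainsKey(tokenId);
    }
}

// Runs on every request that presents a bearer token.
public class RevocationAwareBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task ValidateIdentity(OAuthValidateIdentityContext context)
    {
        Claim id = context.Ticket?.Identity?.FindFirst(RevokedTokenStore.TokenIdClaim);
        // Fail closed: a token with no id, or with a revoked id, is not authenticated.
        if (id == null || RevokedTokenStore.IsRevoked(id.Value, DateTimeOffset.UtcNow))
        {
            context.Rejected();
            return Task.FromResult(0);
        }
        return base.ValidateIdentity(context);
    }
}
```

The provider takes effect once it is set as `Provider` on the `OAuthBearerAuthenticationOptions` passed to `app.UseOAuthBearerAuthentication(...)`. Short token lifetimes keep both the denylist and the exposure window of a leaked token small.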
-
0
Thanks so much.