1回答

开满天机

迟到的回复，但对于遇到此问题的人：我们通过添加一个验证指纹的自定义属性来处理这个问题。我们将该属性用于登录后的任何页面。以下是如何实现这一目标的粗略示例。指纹在登录时创建并添加到缓存中：&nbsp; &nbsp; private void OwinSignIn(tblUser user)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; var thumbPrint = Guid.NewGuid();&nbsp; &nbsp; &nbsp; &nbsp; var claims = new List<Claim>&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ....&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; new Claim(ClaimTypes.Thumbprint, thumbPrint.ToString())&nbsp; &nbsp; &nbsp; &nbsp; };&nbsp; &nbsp; &nbsp; &nbsp; MemoryCache.Default.Set(thumbPrint.ToString(), true, new CacheItemPolicy() { AbsoluteExpiration = DateTimeOffset.Now.AddMinutes(60) });}该属性然后查找此指纹并相应地执行操作：public class ValidateThumbprint : FilterAttribute, IAuthorizationFilter{&nbsp; &nbsp; public void OnAuthorization(AuthorizationContext filterContext)&nbsp; &nbsp; var identity = (ClaimsIdentity)filterContext.HttpContext.User.Identity;&nbsp; &nbsp; var thumbPrint = identity.Claims?.Where(s => s.Type == ClaimTypes.Thumbprint).First().Value;&nbsp; &nbsp; if (thumbPrint != null)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; if (MemoryCache.Default.Contains(thumbPrint))&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return;&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; // handle invalid thumbprint}我不确定这是否是最好的方法和最安全的方法，但它确实会阻止在注销后保存和重新使用 cookie。

0 0

0