Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why call SignOut(DefaultAuthenticationTypes.ExternalCookie) before use of ApplicationCookie with ASP.Net Identity?

Why does this example call the SignOut for ExternalCookie before signing in with an ApplicationCookie? Is it just a way to make sure the authentication information is clean? (The full example is here: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity)

private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);

    var identity = await UserManager.CreateIdentityAsync(
       user, DefaultAuthenticationTypes.ApplicationCookie);

    AuthenticationManager.SignIn(
       new AuthenticationProperties() { 
      IsPersistent = isPersistent 
       }, identity);
}
like image 598
Josh Russo Avatar asked Dec 13 '13 14:12

Josh Russo


1 Answers

Its basically cleanup, the external cookie should get cleared eventually, its only needed to store the claims returned from google/fb/twitter etc such that app can pull whatever data it needs before signing the user. So SignIn is a good safe place to clear that external data.

like image 102
Hao Kung Avatar answered Nov 15 '22 12:11

Hao Kung