Why use SignOut (DefaultAuthenticationTypes.ExternalCookie) before using ApplicationCookie with ASP.Net ID?

Question

Why use SignOut (DefaultAuthenticationTypes.ExternalCookie) before using ApplicationCookie with ASP.Net ID?

Why does this example call SignOut for ExternalCookie before entering ApplicationCookie? Is this just a way to make sure the authentication data is clean? (Full example: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity )

private async Task SignInAsync(ApplicationUser user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); var identity = await UserManager.CreateIdentityAsync( user, DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignIn( new AuthenticationProperties() { IsPersistent = isPersistent }, identity); }

+5

c # asp.net asp.net-identity

Josh Russo Dec 13 '13 at 14:55

source share

1 answer

Hao Kung · Accepted Answer · 2013-12-13 20:42

Basically clearing it, an external cookie should be cleared in the end, it only needs to save claims returned from google / fb / twitter, etc., so that the application can pull out any data it needs before signing up the user. Thus, SignIn is a good safe place to clean external data.

Why use SignOut (DefaultAuthenticationTypes.ExternalCookie) before using ApplicationCookie with ASP.Net ID?

More articles: