I made an app in xamarin forms that provides login/logout functionality. This steps work correctly in UWP:
- User start the app
- User put correct credential and login (here wrong credential always doesn't work and this is ok)
- User click logout
- User put wrong credential and can't login
Unfortunately in Android in third step user still can login.
I've tried using functions like Abort() Close() Dispose() on my client. Regardless of that after make new object of my client and put in wrong credential still everything works.
this I make while login
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; // (I can use here NTLM and basic, result is the same)
MyClient myClient = new MyClient(binding, new EndpointAddress(myUrl));
myClient.ClientCredentials.Windows.ClientCredential.UserName = username
myClient.ClientCredentials.Windows.ClientCredential.Password = password;
myClient.ClientCredentials.UserName.UserName = username;
myClient.ClientCredentials.UserName.Password = password;
// this I've tried after logout and idk what I can do more
myClient.InnerChannel.Abort();
myClient.InnerChannel.Close();
myClient.InnerChannel.Dispose();
myClient.Abort();
myClient.Close();
myClient = null;
// Edit
// I used Android.Webkit.CookieManager on Android when logout in this way:
var cookieManager = CookieManager.Instance;
cookieManager.RemoveAllCookie();
cookieManager.RemoveSessionCookie();
cookieManager.RemoveExpiredCookie();
cookieManager.Flush();
// but still the same problem, I'm using Android 8.1 so I don't need CookieSyncManager.Instance.Sync(), because it's deprecated since api 21
I expect that app will prevent from use wrong credential after logout in Android. Currently only UWP provides that succesfully.
