Appending the client ID to the logout URL for OIDC with OWIN middleware

Time: 2017-06-26 15:48:26

Tags: asp.net authentication owin oidc

I am developing a web application for a customer. For authentication, the customer uses his own (custom) OIDC identity provider. I was able to implement login, registration and password reset. The task now is to implement logout.

When the user signs out, he is redirected to https://customoidc.example.com/ciam/logout?post_logout_redirect_uri=https%3a%2f%2flocalhost%3a4200%2faccount%2fsignout-callback. This is not a valid logout URL for the custom OIDC provider. It also requires the client ID. I cannot configure the middleware to send the client ID as a query string parameter. How can I achieve this?

Appending the client ID in the configuration, EndSessionEndpoint = ciamUrl + $"ciam/logout?client_id={clientId}", results in the malformed URL https://customoidc.exemple.com/ciam/logout?client_id={clientId}?post_logout_redirect_uri=https%3a%2f%2flocalhost%3a4200%2faccount%2fsignout-callback (double question mark).

This is what the authentication middleware looks like:

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public void ConfigureAuth(IAppBuilder app)
{
    // "Cookies": the type the OIDC middleware signs in as and the SignOut action signs out of.
    var cookieAT = CookieAuthenticationDefaults.AuthenticationType;
    app.SetDefaultSignInAsAuthenticationType(cookieAT);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        // Must match the default sign-in type above; a different string ("Cookie")
        // would leave the sign-in and sign-out calls without a matching middleware.
        AuthenticationType = cookieAT,
        AuthenticationMode = AuthenticationMode.Active
    });

    // clientId, redirectUri and ciamUrl are set elsewhere in the application.
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        RedirectUri = redirectUri,
        // Static configuration instead of discovery; the provider exposes no metadata document.
        Configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnectConfiguration
        {
            AuthorizationEndpoint = ciamUrl + "oidc10/auth/oauth/v2/authorize",
            TokenEndpoint = ciamUrl + "oidc10/auth/oauth/v2/token",
            UserInfoEndpoint = ciamUrl + "oidc10/openid/connect/v1/userinfo",
            EndSessionEndpoint = ciamUrl + "ciam/logout"
        },
        ResponseType = "code",
        Scope = "openid ciam-uid email profile"
    });
}

Logout is triggered by the following code:

using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

[RoutePrefix("account")]
public class AccountController : Controller
{
    [Route("signout")]
    public void SignOut()
    {
        // Absolute URL the provider should send the browser back to after logout
        // (becomes the post_logout_redirect_uri parameter).
        string callbackUrl = Url.Action(
            actionName: "SignOutCallback",
            controllerName: "Account",
            routeValues: null,
            protocol: Request.Url.Scheme);
        var authnProperties = new AuthenticationProperties { RedirectUri = callbackUrl };
        var oidcAT = OpenIdConnectAuthenticationDefaults.AuthenticationType;
        var cookieAT = CookieAuthenticationDefaults.AuthenticationType;
        var owinCtx = HttpContext.GetOwinContext();
        // Clears the local cookie and redirects to the provider's end-session endpoint.
        owinCtx.Authentication.SignOut(authnProperties, oidcAT, cookieAT);
    }

    ...
}

1 answer:

Answer 0 (score: 0)

Changing the configuration to

EndSessionEndpoint = ciamUrl + $"ciam/logout?client_id={clientId}"

combined with updating the NuGet package Microsoft.IdentityModel.Protocol.Extensions to version 1.0.4.403061554 (latest stable) did the trick.

Here is a similar post, Azure Active Directory B2C, 404 error, unexpected question mark in URL, which led to the answer.
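An alternative that avoids putting a query string into EndSessionEndpoint at all, as an added example that is not code from the question or the answer: the middleware raises a RedirectToIdentityProvider notification before building the end-session URL, so the client_id parameter can be set on the protocol message and the middleware serialises the whole query itself. It assumes the Microsoft.Owin.Security.OpenIdConnect 3.x API with Microsoft.IdentityModel.Protocol.Extensions; ciamUrl, clientId and redirectUri are the same values the question's ConfigureAuth uses.

```csharp
// Added example (not code from the question or answer). Assumes
// Microsoft.Owin.Security.OpenIdConnect 3.x with Microsoft.IdentityModel.Protocol.Extensions.
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.OpenIdConnect;

public static class LogoutClientIdOptions
{
    public static OpenIdConnectAuthenticationOptions Build(string ciamUrl, string clientId, string redirectUri)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            RedirectUri = redirectUri,
            ResponseType = "code",
            Scope = "openid ciam-uid email profile",
            Configuration = new OpenIdConnectConfiguration
            {
                AuthorizationEndpoint = ciamUrl + "oidc10/auth/oauth/v2/authorize",
                TokenEndpoint = ciamUrl + "oidc10/auth/oauth/v2/token",
                UserInfoEndpoint = ciamUrl + "oidc10/openid/connect/v1/userinfo",
                // Keep the endpoint free of a query string; the middleware appends
                // the parameters itself, so no "?...?" can be produced.
                EndSessionEndpoint = ciamUrl + "ciam/logout"
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = n =>
                {
                    // Only the end-session redirect needs the extra parameter; the
                    // authorization request already carries client_id.
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        // client_id joins post_logout_redirect_uri in the query that the
                        // middleware builds with CreateLogoutRequestUrl().
                        n.ProtocolMessage.ClientId = n.Options.ClientId;
                    }
                    return Task.FromResult(0);
                }
            }
        };
    }
}
```

Register it with app.UseOpenIdConnectAuthentication(LogoutClientIdOptions.Build(ciamUrl, clientId, redirectUri)) in place of the inline options object.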