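I am using Identity Server 4 as a web application (AspNet Core) in Azure. When I try to log a user out, the application automatically logs in again.
Logout works fine when debugging locally, but it does not work after deploying to Azure. Here are the different parts of my code:
I sign in using AzureAD and AspNetIdentity.
Logout controller (executed when the logout button is clicked, /api/Logout/):
public async Task Logout()
{
    // Sign out of the local cookie scheme, then of the "oidc" scheme.
    await HttpContext.Authentication.SignOutAsync("cookieschemaname");
    await HttpContext.Authentication.SignOutAsync("oidc");
}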
Azure AD configuration:
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    AuthenticationScheme = schemeName,
    DisplayName = "AzureAD",
    SignInScheme = cookieScheme,
    ClientId = clientId,
    Authority = $"https://login.microsoftonline.com/{tenantId}",
    ResponseType = OpenIdConnectResponseType.IdToken,
    StateDataFormat = dataFormat
});
CookieScheme configuration:
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    AuthenticationScheme = "oidc",
    SignInScheme = "cookieschemaname",
    Authority = Configuration.GetValue<string>("authority"),
    RequireHttpsMetadata = false,
    ClientId = "hybrid-mvc",
    ClientSecret = Configuration.GetValue<string>("secret"),
    ResponseType = "code id_token",
    Scope = { "proxy", "offline_access" },
    GetClaimsFromUserInfoEndpoint = true,
    SaveTokens = true,
});
Client initialization:
new Client
{
    ClientId = "hybrid-mvc",
    ClientName = "Hybrid MVC Client",
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
    AllowAccessTokensViaBrowser = true,
    RequireConsent = false,
    ClientSecrets =
    {
        new Secret(secret.Sha256())
    },
    RedirectUris = { uri + "/signin-oidc" },
    PostLogoutRedirectUris = { uri + "/signout-callback-oidc" },
    LogoutUri = uri + "/api/Logout",
    AllowedCorsOrigins = { uri },
    AllowedScopes = {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "queryproxy"
    },
    AllowOfflineAccess = true,
    UpdateAccessTokenClaimsOnRefresh = true
},
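Update
I managed to solve this by manually deleting the cookies in the identity server's logout method. I have implemented this, but it has to be the first thing done in the logout method.
foreach (var cookie in Request.Cookies)
{
    // Expire every cookie that arrived with the logout request.
    Response.Cookies.Delete(cookie.Key);
}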