单点注销身份服务器4

时间:2018-06-11 10:26:42

标签: c# asp.net-core identityserver4

我有一个.net core 2.0 mvc应用程序,它使用Identity Server 4对用户进行身份验证。我遇到了将用户从Identity Server中记录下来并清除我在mvc应用程序中创建的自定义cookie的问题。

在mvc app中我触发注销:

await HttpContext.SignOutAsync("Cookies");
await HttpContext.SignOutAsync("oidc");

然后,我被重定向到Identity Server帐户控制器注销操作,该操作成功生成“您现在已注销”屏幕。在此之后,我希望将用户重定向到Identity Server登录页面, 但是,当我导航到我的MVC应用程序时,我没有被要求再次登录,而是我已经通过身份验证并可以访问mvc应用程序。我很难理解当我刚注销时用户何时或如何重新进行身份验证。

以下是我在MVC中启动的代码和IDSvr4中的客户端配置。

MVC App中的Startup.cs

services.AddAuthentication(options =>
        {                  
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";               

        })
        .AddCookie("Cookies", options =>
        {                
            options.Cookie.Name = "HubCookie";
            options.Cookie.Expiration = new TimeSpan(0, 5, 0);
            options.SlidingExpiration = true;
            options.ExpireTimeSpan = new TimeSpan(0, 5, 0);
            options.LogoutPath = "/home/logout";                
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.SignInScheme = "Cookies";
            options.SignOutScheme = "Cookies";

            options.Authority = "https://auth.test.com/";
            options.RequireHttpsMetadata = false;

            options.ClientId = "mvc";
            options.ClientSecret = "XXXXXX";
            options.ResponseType = "code id_token";

            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            options.ClaimActions.MapUniqueJsonKey("website", "website");

            options.Scope.Add("api1");
            options.Scope.Add("offline_access");
            options.Scope.Add("testScope");

            options.UseTokenLifetime = true;

            options.SignedOutRedirectUri = "http://localhost:5002/test/";
            //options.CallbackPath = "http://localhost:5002/division/";

});

IDSvr4中的客户端配置

new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

    RequireConsent = false,

    ClientSecrets =
    {
        new Secret("XXXXX".Sha256())
    },

    RedirectUris           = { "http://localhost:5002/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
    FrontChannelLogoutUri = "http://localhost:5002/home/logout",

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "api1", "testScope"
    },

    AbsoluteRefreshTokenLifetime = 300,
    SlidingRefreshTokenLifetime = 120,
    RefreshTokenUsage = TokenUsage.ReUse,
    RefreshTokenExpiration = TokenExpiration.Sliding,
    UpdateAccessTokenClaimsOnRefresh = true,
    AllowOfflineAccess = true,
    AccessTokenLifetime = 60
}

0 个答案:

没有答案