我有一个.net core 2.0 mvc应用程序,它使用Identity Server 4对用户进行身份验证。我遇到了将用户从Identity Server中记录下来并清除我在mvc应用程序中创建的自定义cookie的问题。
在mvc app中我触发注销:
await HttpContext.SignOutAsync("Cookies");
await HttpContext.SignOutAsync("oidc");
然后,我被重定向到Identity Server帐户控制器注销操作,该操作成功生成“您现在已注销”屏幕。在此之后,我希望将用户重定向到Identity Server登录页面, 但是,当我导航到我的MVC应用程序时,我没有被要求再次登录,而是我已经通过身份验证并可以访问mvc应用程序。我很难理解当我刚注销时用户何时或如何重新进行身份验证。
以下是我在MVC中启动的代码和IDSvr4中的客户端配置。
MVC App中的Startup.cs
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
options.Cookie.Name = "HubCookie";
options.Cookie.Expiration = new TimeSpan(0, 5, 0);
options.SlidingExpiration = true;
options.ExpireTimeSpan = new TimeSpan(0, 5, 0);
options.LogoutPath = "/home/logout";
})
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.SignOutScheme = "Cookies";
options.Authority = "https://auth.test.com/";
options.RequireHttpsMetadata = false;
options.ClientId = "mvc";
options.ClientSecret = "XXXXXX";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.ClaimActions.MapUniqueJsonKey("website", "website");
options.Scope.Add("api1");
options.Scope.Add("offline_access");
options.Scope.Add("testScope");
options.UseTokenLifetime = true;
options.SignedOutRedirectUri = "http://localhost:5002/test/";
//options.CallbackPath = "http://localhost:5002/division/";
});
IDSvr4中的客户端配置
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
ClientSecrets =
{
new Secret("XXXXX".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
FrontChannelLogoutUri = "http://localhost:5002/home/logout",
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1", "testScope"
},
AbsoluteRefreshTokenLifetime = 300,
SlidingRefreshTokenLifetime = 120,
RefreshTokenUsage = TokenUsage.ReUse,
RefreshTokenExpiration = TokenExpiration.Sliding,
UpdateAccessTokenClaimsOnRefresh = true,
AllowOfflineAccess = true,
AccessTokenLifetime = 60
}