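Unable to send a logout request to Identity Server from an MVC application

Time: 2019-03-01 12:32:30

Tags: c# model-view-controller owin identityserver4 identity

In my application, I use single sign-on authentication against Identity Server. Everything works correctly except the logout part. When I log out, I want to be logged out of my Identity Server as well, but that does not happen; I am only logged out of the application. The code is as follows: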

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Login.aspx")
});

app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

var AuthorityUrl = ConfigurationManager.AppSettings["AuthorityUrl"];

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = AuthorityUrl,
    RedirectUri = $"{ConfigurationManager.AppSettings["PortalWebUrl"]}/signin-oidc",
    PostLogoutRedirectUri = $"{ConfigurationManager.AppSettings["PortalWebUrl"]}/signout-callback-oidc",
    RequireHttpsMetadata = false,
    ClientId = "portal-local",
    AuthenticationType = "oidc",
    SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    ResponseType = "id_token token",
    Scope = "openid profile email",
    UseTokenLifetime = false,
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        SecurityTokenValidated = n =>
        {
            var claimsToExclude = new[]
            {
                "aud", "iss", "nbf", "exp", "nonce", "iat", "at_hash"
            };

            var claimsToKeep = n.AuthenticationTicket.Identity.Claims.Where(x => !claimsToExclude.Contains(x.Type)).ToList();

            claimsToKeep.Add(new Claim("id_token", n.ProtocolMessage.IdToken));

            var ci = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType, "name", "role");
            ci.AddClaims(claimsToKeep);

            n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(ci, n.AuthenticationTicket.Properties);

            return Task.CompletedTask;
        },
        RedirectToIdentityProvider = n =>
        {
            if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
            {
                n.ProtocolMessage.IdTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token")?.Value;
            }

            return Task.CompletedTask;
        }
    }
});

The "warning" returned from Identity Server is as follows:

[image: Identity Server warning screenshot]

Can you help me figure out what I am doing wrong?

0 answers:

No answers
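An added example, not part of the original post: a logout action that names both the "oidc" and the application cookie authentication types, so that the OpenID Connect middleware's logout branch (the `RedirectToIdentityProvider` handler in the question, which attaches `id_token_hint`) runs in addition to clearing the local cookie. It assumes an ASP.NET MVC 5 controller hosted on the same OWIN pipeline; `AccountController` and `Logout` are hypothetical names.

```csharp
using System.Web;                 // GetOwinContext() extension (Microsoft.Owin.Host.SystemWeb)
using System.Web.Mvc;
using Microsoft.AspNet.Identity;  // DefaultAuthenticationTypes

// Hypothetical controller: the class and action names are assumptions.
public class AccountController : Controller
{
    // Must match AuthenticationType in the OpenIdConnectAuthenticationOptions above.
    private const string OidcAuthenticationType = "oidc";

    [HttpPost]
    [ValidateAntiForgeryToken] // logout changes session state, so reject cross-site posts
    public ActionResult Logout()
    {
        var auth = HttpContext.GetOwinContext().Authentication;

        if (auth.User?.Identity == null || !auth.User.Identity.IsAuthenticated)
        {
            // Nothing to sign out of: no local session exists.
            return Redirect("~/");
        }

        // Naming "oidc" is what makes the OpenID Connect middleware build the
        // end-session request (RequestType == Logout) and redirect the browser
        // to the identity provider. Naming the cookie type removes the local
        // session cookie. Passing only the cookie type would end the local
        // session and never contact the identity provider.
        // No AuthenticationProperties.RedirectUri is passed, so the configured
        // PostLogoutRedirectUri is the one sent to the provider.
        auth.SignOut(OidcAuthenticationType,
                     DefaultAuthenticationTypes.ApplicationCookie);

        // The middleware replaces this redirect with the one to the provider's
        // end-session endpoint when the response headers are sent.
        return Redirect("~/");
    }
}
```

The `id_token` claim read in `RedirectToIdentityProvider` comes from the cookie identity built in `SecurityTokenValidated`, so it is still available while this action runs.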