我有一个使用Identitysever4进行身份验证的简单dotnet核心应用程序。登录正常。在我尝试添加SignedOutCallbackPath之前,注销部分工作。 我在家庭控制器中添加了一个名为logoutcomplete的方法。我可以像http://localhost:port/home/logoutcomplete这样在浏览器中调用该方法。然后我添加 options.SignedOutCallbackPath = signedOutCallbackPath; 到应用程序,然后运行该应用程序。然后尝试重新访问http://localhost:port/home/logoutcomplete。它返回200,但没有视图。它也不输入控制器方法。 配置服务如下:
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie("Cookies")
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SaveTokens = true;
options.ClientId = clientId;
options.RequireHttpsMetadata = false;
options.Authority = metadataAddress;
//options.SignedOutCallbackPath = signedOutCallbackPath;
//options.SignedOutRedirectUri = Wtrealm + postLogoutUrl;
// Wtrealm is the app's identifier in the Active Directory instance.
// For ADFS, use the relying party's identifier, its WS-Federation Passive protocol URL:
//options.Wtrealm = "https://localhost:44321/";
options.Events.OnRedirectToIdentityProvider = onRedirectToIdentityProvider;
//options.Events.OnRedirectToIdentityProviderForSignOut = onRedirectToIdentityProviderForSignOut;
options.Events.OnRemoteFailure = remoteAuthFail;
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
//options.Scope.Add("role");
}); Services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
这是配置方法
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
修改1: 是的,我已将发布注销重定向配置为我提到的控制器。这是我执行第1步后的Chrome中“网络”标签的一般概览
,它会将我发送到客户端主页。从而使ID服务器无法登录代码。
Har文件也无法发布,但这是chrome网络标签的获取版本
电话1: https://localhost:44321/Account/Logout”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
电话2: https://localhost:5001/connect/endsession?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44321%2FAccount%2FCompleteSignout&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IkZGQzU0RUYzRjlCODYzMUVDQTMyQThERUZDMjM1QjJFMTAzMTIwMjgiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJfOFZPOF9tNFl4N0tNcWplX0NOYkxoQXhJQ2cifQ.eyJuYmYiOjE1NTE5Njg4OTgsImV4cCI6MTU1MTk2OTE5OCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsImF1ZCI6Ijc3NmFlNmMzLWMyNzMtNGU4Yy05ZjlhLTE4ZTM5NDA1Y2M3ZCIsIm5vbmNlIjoiNjM2ODc1NjU2ODI5Mzk3NTAzLlpUTTBNemt5TVdFdE1tRTVNQzAwT1dGa0xXSXhNVFF0WldZMU9EYzVPVEl5WWpreE5qZGhPR1l6TVRNdE9UZzROUzAwTnpZekxXRXlNVFl0T0RObE9EVXdaalZpWlRreiIsImlhdCI6MTU1MTk2ODg5OCwiYXRfaGFzaCI6IkJOSWdjRjYwUTd3RUpUbE1tNzd5amciLCJzaWQiOiI3OGY3NmZiODg2MjNiN2M3MDU0N2FlMTkyNmFiMjEzMCIsInN1YiI6ImU4ODdjMDlkLTZjMWItNDNiYS1iN2ZhLTZkZjVkZjZmYjg2YiIsImF1dGhfdGltZSI6MTU1MTk2ODg5MiwiaWRwIjoibG9jYWwiLCJhbXIiOlsicHdkIl19.rykZoW4oBhC8FB-6plAu8tlnsi9kqp4Ij7aSc3GahSngXQZTFR6thStpnQDB5AGvr3mTg9IYkHmd_H5Q6KpMXLCvP8icfIoPo0F82Hy5m9R1bHCr-2j3nz3-KKtD63-TAWJdH291v9ob5u2LDxeV3kax0oI-2_jlQmaR4FvKoEIOLTv3O07gJ7gGOqTMUXyxgPe8leTKVMsibG4LyIIeM0CbSSHA7cuEOu8VaCHLHh4mewPprmvcAXqRtjksT5SdlcuySt8Jm9j0u03qQV9XcXaf4XVE8vMdBgwP2dCjz4F7CYwJNRlZIGiTkVbFy1pRSJx9YNHyM-zMe3jvk9a11w&state=CfDJ8IkQZhXHRoVImqJIMbA3AwywYZQb1BcuwxT_DXXCkTLUmtShNjh8kb-IwB-Xdt3k-GOwwhKn2NFKH0e9YNp7QQBa65K6buhh-2ndhP6RsoIzOokn2jibJVRALgCTgGDHS_ubXnpUUGQlteboyzGPAWHQIny6XUv6jPS-BLpd6nuU&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.3.0.0”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
呼叫3: https://localhost:5001/Account/Logout?logoutId=CfDJ8IAxOFzkPDhIhK9DJ2tWINzkHt_UeEMkRoNAXbQ6CosU_t3gC5V0MujllavlrQsVycb_3pHr62VvRY1EQDgy-aZ7bqcwmgETDaB3Zp1RXLmb15CG-S8WN8EBThjPZQ5-4QqSWgXi7G44Bvp2hW1vlmfLtcyTQ-U2QbPpQOsoccnXqUM4JfI41fmIUlIC2DHCyLYAbHsTwvf1g_twwr0Ed914NInq-35IoLEWjIxoDNeFfSJJoxasEl9klvK_1EM_hz2GTLMRP5s46jtuMSoebvG_EVwO9hFxRGNg2kS8llFqx2zjSjFqeqowTPv7yK3im7IHFVqCJWVvyOHXH7XKCddUSfH5SNQ1hf6I3Ag96G7BRgyWwFM_c_t560V5ihQXkQ3HT0JIyF5rbh5tFC370XtqPFzz5jFB7XOe6YveXnCCk3EPpRS9Ll7DCMCABnd5uLmh9i0WtZlVg_LA9KOXcy1x97VUqiMDxqW8h8ahM3YKz0UCnvvyGGM9TV0Cv-7RCqcEo9sJyDSYjQzCV6ZqyXylaaqftAyCTKaBlC3umI9Y-_CQw_7U86uMu8c7zvxiwcGj4ixJcKHVGmkV9x0G_F_DmrcBC1GJRlJR6jc-VBecK_PA24UiSk2Jjpgpa1CfZqXHAkEVNILzgKh2gGJU4gvqrTgpxGoQj5Hnz2Vl6Tadin6_w6RLRYZIz9Yd1F45Apkonntl8DwnrY6xzqLRFX3wQ7rkxQe_xWVZq-5oQCJ1QQFEHtVqtdvVHkDZFLVJXmQSF-S8yyxZn8WVE257iQCNHeVBSV8IjNT4HRHnGnsR15vMBpmOt7Co2UsHZPMY9dsajHfJtDrL9W4k4zIrKP7wScmdb9i8cdxZ8hjIr0Dfs_ZTswCuxgP-jZroKBCCOhJ9_k4K1lDYoAAKr09etztiwtFqMnq96O8-GtQYKVhZL9bYGSbVcLsm1ko_144vf0h5LdlkCcWUoP0fh0lOxwn80s9Gmtrend9jmuXDKZ_P”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
致电4: https://localhost:44321/Account/CompleteSignout?state=CfDJ8IkQZhXHRoVImqJIMbA3AwywYZQb1BcuwxT_DXXCkTLUmtShNjh8kb-IwB-Xdt3k-GOwwhKn2NFKH0e9YNp7QQBa65K6buhh-2ndhP6RsoIzOokn2jibJVRALgCTgGDHS_ubXnpUUGQlteboyzGPAWHQIny6XUv6jPS-BLpd6nuU”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
致电5: https://localhost:44321/”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
致电6: https://localhost:5001/connect/authorize?client_id=776ae6c3-c273-4e8c-9f9a-18e39405cc7d&redirect_uri=https%3A%2F%2Flocalhost%3A44321%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline_access&response_mode=form_post&nonce=636875657052545628.OTAwYzMwMWYtNzRmMi00YzlhLWFhNzgtMjRmZjFkOTgxYzY3YTBiMzcxMWUtM2M5Mi00YWE1LTkwNDgtNjIwODZjNDMxMDhk&login_hint=user.name&state=CfDJ8IkQZhXHRoVImqJIMbA3AwzSzO3TsIn08Q4MFv1bS3bVSAI8e35pZwTGfspMlXdIf3-lejQgu5bHYbbBYbPaR7S_20VO-GTp97rGCnsGeeQEuOqEGpYSA6C4LUeGCEYPV0R113XvY6qxcupAklxj_SVSwR3YWXKl2b-vwpkB45q8txV0TOc8LMeKbajQYB6jzQI5wI6b_zqRaAb0NHLRc4pk6fdx9PyVDouuq8mtfhKGaF1R0bV5iY1v8jkF4MEspx3xmL1Z78ik4YzRv1cgT52OvUvHgrnq9XgGfB5SXwI_e16CkuNZEf2ltVH5ifK5cA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.3.0.0”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
致电7: https://localhost:5001/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3D776ae6c3-c273-4e8c-9f9a-18e39405cc7d%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44321%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520email%2520offline_access%26response_mode%3Dform_post%26nonce%3D636875657052545628.OTAwYzMwMWYtNzRmMi00YzlhLWFhNzgtMjRmZjFkOTgxYzY3YTBiMzcxMWUtM2M5Mi00YWE1LTkwNDgtNjIwODZjNDMxMDhk%26login_hint%3Duser.name%26state%3DCfDJ8IkQZhXHRoVImqJIMbA3AwzSzO3TsIn08Q4MFv1bS3bVSAI8e35pZwTGfspMlXdIf3-lejQgu5bHYbbBYbPaR7S_20VO-GTp97rGCnsGeeQEuOqEGpYSA6C4LUeGCEYPV0R113XvY6qxcupAklxj_SVSwR3YWXKl2b-vwpkB45q8txV0TOc8LMeKbajQYB6jzQI5wI6b_zqRaAb0NHLRc4pk6fdx9PyVDouuq8mtfhKGaF1R0bV5iY1v8jkF4MEspx3xmL1Z78ik4YzRv1cgT52OvUvHgrnq9XgGfB5SXwI_e16CkuNZEf2ltVH5ifK5cA%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.3.0.0”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}
调用8,9,10,11 :(所有css和js调用都无济于事) https://localhost:5001/lib/bootstrap/css/bootstrap.css”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”} https://localhost:5001/css/site.css”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”} https://localhost:5001/icon.png”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”} https://localhost:5001/lib/jquery/jquery.js”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”} https://localhost:5001/lib/bootstrap/js/bootstrap.js”,{“凭据”:“省略”,“ referrerPolicy”:“无引用”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”} >
答案 0 :(得分:1)
您可以将以下代码添加到某个控制器以触发注销:
public IActionResult Logout()
{
return SignOut("Cookies", OpenIdConnectDefaults.AuthenticationScheme);
}
这将清除本地cookie,然后重定向到IdentityServer。 IdentityServer将清除其cookie,然后为用户提供一个链接,以返回到MVC应用程序。
这是Identity Server中的客户端配置:
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
RedirectUris = { "http://localhost:64146/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:64146/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
//Another scopes
},
AllowOfflineAccess = true
}
您可以设置options.SignedOutCallbackPath
,以使用户在退出OIDC后重定向。