dotnet核心openidconnect identityserver4破坏了注销方法

时间:2019-03-05 19:50:10

标签: .net asp.net-core identityserver4

我有一个使用Identitysever4进行身份验证的简单dotnet核心应用程序。登录正常。在我尝试添加SignedOutCallbackPath之前,注销部分工作。 我在家庭控制器中添加了一个名为logoutcomplete的方法。我可以像http://localhost:port/home/logoutcomplete这样在浏览器中调用该方法。然后我添加                 options.SignedOutCallbackPath = signedOutCallbackPath; 到应用程序,然后运行该应用程序。然后尝试重新访问http://localhost:port/home/logoutcomplete。它返回200,但没有视图。它也不输入控制器方法。 配置服务如下:

services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.SaveTokens = true;
            options.ClientId = clientId;
            options.RequireHttpsMetadata = false;
            options.Authority = metadataAddress;

            //options.SignedOutCallbackPath = signedOutCallbackPath;
            //options.SignedOutRedirectUri = Wtrealm + postLogoutUrl;
            // Wtrealm is the app's identifier in the Active Directory instance.
            // For ADFS, use the relying party's identifier, its WS-Federation Passive protocol URL:
            //options.Wtrealm = "https://localhost:44321/";
            options.Events.OnRedirectToIdentityProvider = onRedirectToIdentityProvider;
            //options.Events.OnRedirectToIdentityProviderForSignOut = onRedirectToIdentityProviderForSignOut;

            options.Events.OnRemoteFailure = remoteAuthFail;

            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");

            //options.Scope.Add("role");

        });              Services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

这是配置方法

 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

修改1: 是的,我已将发布注销重定向配置为我提到的控制器。这是我执行第1步后的Chrome中“网络”标签的一般概览

  1. 我单击客户端应用程序中的注销链接。
  2. 注销控制器进行处理。
  3. 它使我退出应用程序,并将我重定向到ID服务器注销过程。
  4. Id服务器endesssion被调用。它将重定向到ID服务器帐户/注销方法。
  5. 它将302返回到我客户端的postlogouturl页面。它应该在哪停下来,我会很高兴。
  6. 但是INSTEAD我从该登出目的地收到302。
  7. ,它会将我发送到客户端主页。从而使ID服务器无法登录代码。

    Har文件也无法发布,但这是chrome网络标签的获取版本

电话1:      https://localhost:44321/Account/Logout”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

电话2:     https://localhost:5001/connect/endsession?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44321%2FAccount%2FCompleteSignout&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IkZGQzU0RUYzRjlCODYzMUVDQTMyQThERUZDMjM1QjJFMTAzMTIwMjgiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJfOFZPOF9tNFl4N0tNcWplX0NOYkxoQXhJQ2cifQ.eyJuYmYiOjE1NTE5Njg4OTgsImV4cCI6MTU1MTk2OTE5OCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsImF1ZCI6Ijc3NmFlNmMzLWMyNzMtNGU4Yy05ZjlhLTE4ZTM5NDA1Y2M3ZCIsIm5vbmNlIjoiNjM2ODc1NjU2ODI5Mzk3NTAzLlpUTTBNemt5TVdFdE1tRTVNQzAwT1dGa0xXSXhNVFF0WldZMU9EYzVPVEl5WWpreE5qZGhPR1l6TVRNdE9UZzROUzAwTnpZekxXRXlNVFl0T0RObE9EVXdaalZpWlRreiIsImlhdCI6MTU1MTk2ODg5OCwiYXRfaGFzaCI6IkJOSWdjRjYwUTd3RUpUbE1tNzd5amciLCJzaWQiOiI3OGY3NmZiODg2MjNiN2M3MDU0N2FlMTkyNmFiMjEzMCIsInN1YiI6ImU4ODdjMDlkLTZjMWItNDNiYS1iN2ZhLTZkZjVkZjZmYjg2YiIsImF1dGhfdGltZSI6MTU1MTk2ODg5MiwiaWRwIjoibG9jYWwiLCJhbXIiOlsicHdkIl19.rykZoW4oBhC8FB-6plAu8tlnsi9kqp4Ij7aSc3GahSngXQZTFR6thStpnQDB5AGvr3mTg9IYkHmd_H5Q6KpMXLCvP8icfIoPo0F82Hy5m9R1bHCr-2j3nz3-KKtD63-TAWJdH291v9ob5u2LDxeV3kax0oI-2_jlQmaR4FvKoEIOLTv3O07gJ7gGOqTMUXyxgPe8leTKVMsibG4LyIIeM0CbSSHA7cuEOu8VaCHLHh4mewPprmvcAXqRtjksT5SdlcuySt8Jm9j0u03qQV9XcXaf4XVE8vMdBgwP2dCjz4F7CYwJNRlZIGiTkVbFy1pRSJx9YNHyM-zMe3jvk9a11w&state=CfDJ8IkQZhXHRoVImqJIMbA3AwywYZQb1BcuwxT_DXXCkTLUmtShNjh8kb-IwB-Xdt3k-GOwwhKn2NFKH0e9YNp7QQBa65K6buhh-2ndhP6RsoIzOokn2jibJVRALgCTgGDHS_ubXnpUUGQlteboyzGPAWHQIny6XUv6jPS-BLpd6nuU&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.3.0.0”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

呼叫3:     https://localhost:5001/Account/Logout?logoutId=CfDJ8IAxOFzkPDhIhK9DJ2tWINzkHt_UeEMkRoNAXbQ6CosU_t3gC5V0MujllavlrQsVycb_3pHr62VvRY1EQDgy-aZ7bqcwmgETDaB3Zp1RXLmb15CG-S8WN8EBThjPZQ5-4QqSWgXi7G44Bvp2hW1vlmfLtcyTQ-U2QbPpQOsoccnXqUM4JfI41fmIUlIC2DHCyLYAbHsTwvf1g_twwr0Ed914NInq-35IoLEWjIxoDNeFfSJJoxasEl9klvK_1EM_hz2GTLMRP5s46jtuMSoebvG_EVwO9hFxRGNg2kS8llFqx2zjSjFqeqowTPv7yK3im7IHFVqCJWVvyOHXH7XKCddUSfH5SNQ1hf6I3Ag96G7BRgyWwFM_c_t560V5ihQXkQ3HT0JIyF5rbh5tFC370XtqPFzz5jFB7XOe6YveXnCCk3EPpRS9Ll7DCMCABnd5uLmh9i0WtZlVg_LA9KOXcy1x97VUqiMDxqW8h8ahM3YKz0UCnvvyGGM9TV0Cv-7RCqcEo9sJyDSYjQzCV6ZqyXylaaqftAyCTKaBlC3umI9Y-_CQw_7U86uMu8c7zvxiwcGj4ixJcKHVGmkV9x0G_F_DmrcBC1GJRlJR6jc-VBecK_PA24UiSk2Jjpgpa1CfZqXHAkEVNILzgKh2gGJU4gvqrTgpxGoQj5Hnz2Vl6Tadin6_w6RLRYZIz9Yd1F45Apkonntl8DwnrY6xzqLRFX3wQ7rkxQe_xWVZq-5oQCJ1QQFEHtVqtdvVHkDZFLVJXmQSF-S8yyxZn8WVE257iQCNHeVBSV8IjNT4HRHnGnsR15vMBpmOt7Co2UsHZPMY9dsajHfJtDrL9W4k4zIrKP7wScmdb9i8cdxZ8hjIr0Dfs_ZTswCuxgP-jZroKBCCOhJ9_k4K1lDYoAAKr09etztiwtFqMnq96O8-GtQYKVhZL9bYGSbVcLsm1ko_144vf0h5LdlkCcWUoP0fh0lOxwn80s9Gmtrend9jmuXDKZ_P”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

致电4:     https://localhost:44321/Account/CompleteSignout?state=CfDJ8IkQZhXHRoVImqJIMbA3AwywYZQb1BcuwxT_DXXCkTLUmtShNjh8kb-IwB-Xdt3k-GOwwhKn2NFKH0e9YNp7QQBa65K6buhh-2ndhP6RsoIzOokn2jibJVRALgCTgGDHS_ubXnpUUGQlteboyzGPAWHQIny6XUv6jPS-BLpd6nuU”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

致电5:     https://localhost:44321/”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

致电6:     https://localhost:5001/connect/authorize?client_id=776ae6c3-c273-4e8c-9f9a-18e39405cc7d&redirect_uri=https%3A%2F%2Flocalhost%3A44321%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline_access&response_mode=form_post&nonce=636875657052545628.OTAwYzMwMWYtNzRmMi00YzlhLWFhNzgtMjRmZjFkOTgxYzY3YTBiMzcxMWUtM2M5Mi00YWE1LTkwNDgtNjIwODZjNDMxMDhk&login_hint=user.name&state=CfDJ8IkQZhXHRoVImqJIMbA3AwzSzO3TsIn08Q4MFv1bS3bVSAI8e35pZwTGfspMlXdIf3-lejQgu5bHYbbBYbPaR7S_20VO-GTp97rGCnsGeeQEuOqEGpYSA6C4LUeGCEYPV0R113XvY6qxcupAklxj_SVSwR3YWXKl2b-vwpkB45q8txV0TOc8LMeKbajQYB6jzQI5wI6b_zqRaAb0NHLRc4pk6fdx9PyVDouuq8mtfhKGaF1R0bV5iY1v8jkF4MEspx3xmL1Z78ik4YzRv1cgT52OvUvHgrnq9XgGfB5SXwI_e16CkuNZEf2ltVH5ifK5cA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.3.0.0”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

致电7:     https://localhost:5001/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3D776ae6c3-c273-4e8c-9f9a-18e39405cc7d%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44321%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520email%2520offline_access%26response_mode%3Dform_post%26nonce%3D636875657052545628.OTAwYzMwMWYtNzRmMi00YzlhLWFhNzgtMjRmZjFkOTgxYzY3YTBiMzcxMWUtM2M5Mi00YWE1LTkwNDgtNjIwODZjNDMxMDhk%26login_hint%3Duser.name%26state%3DCfDJ8IkQZhXHRoVImqJIMbA3AwzSzO3TsIn08Q4MFv1bS3bVSAI8e35pZwTGfspMlXdIf3-lejQgu5bHYbbBYbPaR7S_20VO-GTp97rGCnsGeeQEuOqEGpYSA6C4LUeGCEYPV0R113XvY6qxcupAklxj_SVSwR3YWXKl2b-vwpkB45q8txV0TOc8LMeKbajQYB6jzQI5wI6b_zqRaAb0NHLRc4pk6fdx9PyVDouuq8mtfhKGaF1R0bV5iY1v8jkF4MEspx3xmL1Z78ik4YzRv1cgT52OvUvHgrnq9XgGfB5SXwI_e16CkuNZEf2ltVH5ifK5cA%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.3.0.0”,{“凭据”:“ include”,“ headers”:{“ accept”:“ text / html,application / xhtml + xml,application / xml; q = 0.9,image / webp,image / apng, / ; q = 0.8“,” accept-language“:” zh-CN,en; q = 0.9“,” cache-control“:” no-cache“,” pragma“: “ no-cache”,“ upgrade-insecure-requests”:“ 1”},“ referrer”:“ https://localhost:44321/”,“ referrerPolicy”:“ no-referrer-when-downgrade”,“ body”:null ,“方法”:“ GET”,“模式”:“ cors”}

调用8,9,10,11 :(所有css和js调用都无济于事)     https://localhost:5001/lib/bootstrap/css/bootstrap.css”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”}     https://localhost:5001/css/site.css”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”}     https://localhost:5001/icon.png”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”}     https://localhost:5001/lib/jquery/jquery.js”,{“凭证”:“省略”,“ referrerPolicy”:“无推荐人”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”}     https://localhost:5001/lib/bootstrap/js/bootstrap.js”,{“凭据”:“省略”,“ referrerPolicy”:“无引用”,“正文”:null,“方法”:“ GET”,“模式”:“ cors”}

1 个答案:

答案 0 :(得分:1)

您可以将以下代码添加到某个控制器以触发注销:

public IActionResult Logout()
{
    return SignOut("Cookies", OpenIdConnectDefaults.AuthenticationScheme);
}

这将清除本地cookie,然后重定向到IdentityServer。 IdentityServer将清除其cookie,然后为用户提供一个链接,以返回到MVC应用程序。

这是Identity Server中的客户端配置:

new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.Implicit,


    RedirectUris           = { "http://localhost:64146/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:64146/signout-callback-oidc" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        //Another scopes
    },

    AllowOfflineAccess = true
}

您可以设置options.SignedOutCallbackPath,以使用户在退出OIDC后重定向。