So I built a brand-new MVC .NET Core application with no security at all. Then I added OpenID Connect security in Startup like this:
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        var clientId = Configuration["clientID"];
        var metadataAddress = Configuration["MetadataAddress"];
        var Wtrealm = Configuration["Wtrealm"];
        string signedOutCallbackPath = Configuration["SignedOutCallbackPath"];
        string postLogoutUrl = Configuration["postLogoutUrl"];

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.SaveTokens = true;
            options.ClientId = clientId;
            options.Authority = metadataAddress;
            options.SignedOutCallbackPath = signedOutCallbackPath;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role",
            };
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
This works for login. Then I added
    // Starts the sign-out: clears the local cookie and redirects the browser to the IdP.
    // (Neither method awaits anything, so they are plain synchronous actions.)
    public IActionResult Logout(string callBack)
    {
        return SignOut("Cookies", OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Intended to be shown after the IdP has finished signing the user out.
    public IActionResult LogoutComplete()
    {
        return View();
    }
Logout to start the sign-out, and LogoutComplete to finish the clean-up after sign-out. Logout works for my app. It then redirects to the IdP to sign out. That runs fine, and the browser is then redirected to LogoutComplete. This is where the weirdness starts: LogoutComplete returns a 302 to the Home controller, but I don't know why. It never reaches a breakpoint in the method. It does not return the view it is designed to return. When the OpenIdConnect middleware is not enabled, this method works fine (it returns its own view). Why is this happening? How is this even possible? Why is the middleware hijacking LogoutComplete? Is this per the spec? One OpenID provider is set up in ADFS 2016 and another in IdentityServer 4. The application behaves the same in both cases, so I'm sure this is not a provider configuration / IdP server problem.
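As an added example (not code from the question above), the following Startup extension and controller keep two things apart that the ASP.NET Core OpenID Connect handler treats very differently: the path the handler itself owns (SignedOutCallbackPath, the post_logout_redirect_uri it sends to the IdP) and the page the application wants to show afterwards (SignedOutRedirectUri, or the RedirectUri in the AuthenticationProperties passed to SignOut). Any request to SignedOutCallbackPath is consumed by the handler, which finishes its own sign-out processing and answers with a 302 to the redirect URI; MVC routing never runs for it. The example assumes, hypothetically, that the configured callback path in the question is the same path as the LogoutComplete action; the authority, client id and route names below are placeholders.

```csharp
// Added example (not from the question): keep the OIDC sign-out callback and the
// application's own post-logout page on different paths.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class OidcSignOutConfig
{
    // authority and clientId are placeholders supplied by the caller (e.g. from configuration).
    public static void AddOidcWithSignOut(this IServiceCollection services, string authority, string clientId)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Authority = authority;
            options.ClientId = clientId;
            options.SaveTokens = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");

            // The handler owns this path. When the IdP redirects the browser back here after
            // sign-out, the handler completes its clean-up and replies with a 302 itself, so an
            // MVC action on the same path would never execute. Keep it on a path no action uses.
            options.SignedOutCallbackPath = "/signout-callback-oidc"; // the default, shown explicitly

            // Where the handler sends the browser once the callback has been processed.
            // This is the right place to name the application's own "signed out" page.
            options.SignedOutRedirectUri = "/Home/LogoutComplete";
        });
    }
}

public class HomeController : Controller
{
    // Starts the sign-out: clears the local cookie and sends the browser to the IdP's
    // end-session endpoint. The RedirectUri here overrides SignedOutRedirectUri for this sign-out.
    public IActionResult Logout()
    {
        var props = new AuthenticationProperties
        {
            RedirectUri = Url.Action(nameof(LogoutComplete), "Home")
        };
        return SignOut(props, "Cookies", OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Reached only after the handler has processed /signout-callback-oidc and redirected here.
    // Anonymous because the cookie is already gone by the time this page is requested.
    [AllowAnonymous]
    public IActionResult LogoutComplete() => View();
}
```

Two things to check on the IdP side when using this layout: the absolute URL of SignedOutCallbackPath (not the LogoutComplete page) is what the handler sends as post_logout_redirect_uri, so that is the URL the IdP must have registered for the client; and keeping the callback on its own path means the handler's validation of the returned state parameter still protects the flow, instead of being bypassed by an action that accepts any request.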