dotnet core openidconnect broken single logout (SLO)

Time: 2019-03-07 17:47:45

Tags: .net core openid-connect

So I built a brand new mvc dotnet core app. No security. Then I added OpenID Connect security in startup like this:

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        var clientId = Configuration["clientID"];
        var metadataAddress = Configuration["MetadataAddress"]; 

        var Wtrealm = Configuration["Wtrealm"];
        string signedOutCallbackPath = Configuration["SignedOutCallbackPath"];
        string postLogoutUrl = Configuration["postLogoutUrl"];

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.SaveTokens = true;
            options.ClientId = clientId;
            options.Authority = metadataAddress;

            options.SignedOutCallbackPath = signedOutCallbackPath;


            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");

            options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role",
            };

        });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

This works for login. Then I added

    // Starts the local sign-out and the OIDC (RP-initiated) sign-out at the IdP.
    public async Task<IActionResult> Logout(string callBack)
    {
        return SignOut("Cookies", OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Intended landing page once the IdP has redirected the browser back.
    public async Task<IActionResult> LogoutComplete()
    {
        return View();
    }

Logout to start the logout, and LogoutComplete to finish the cleanup after logout. Logout works for my app. It then redirects to the IdP to log out. That runs fine, and the browser is then redirected to LogoutComplete. This is where the weirdness starts: LogoutComplete 302s back to the Home controller, but I have no idea why. It never reaches a debug point in the method. It does not return the view it is designed to return. When the OpenIdConnect middleware is not enabled, this method works fine (returns its own view). Why is that? How is that possible? Why does the middleware hijack LogoutComplete? Is this per spec? One OpenID provider is set up in ADFS 2016, the other in IdentityServer 4. The app behaves the same in both cases, so I am sure this is not a provider configuration / IdP server problem.
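For reference, the ASP.NET Core OpenIdConnect handler reserves SignedOutCallbackPath for itself: a request to that path is consumed by the handler (it validates the state from the IdP and answers with a 302 to the RedirectUri carried in that state, or else to SignedOutRedirectUri, default "/"), so no MVC action mapped to the same path ever executes. The configuration below is an added illustration, not code from the question or an answer; it assumes the handler's default callback path "/signout-callback-oidc" is the post_logout_redirect_uri registered at the IdP, and keeps the question's "/Home/LogoutComplete" action as an ordinary, app-owned route.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Startup.ConfigureServices fragment (same layout as the question's Startup).
services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie("Cookies")
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.ClientId = Configuration["clientID"];
    options.Authority = Configuration["MetadataAddress"];
    options.SaveTokens = true;

    // Handler-owned endpoint (assumed to be the value registered at the IdP as
    // post_logout_redirect_uri). The handler answers requests here itself with a
    // redirect; an MVC action on this exact path would never be reached.
    options.SignedOutCallbackPath = "/signout-callback-oidc";

    // App-owned page the handler redirects to once the callback is processed.
    // Deliberately a different path from SignedOutCallbackPath.
    options.SignedOutRedirectUri = "/Home/LogoutComplete";

    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
});

public class HomeController : Controller
{
    // Clears the local cookie and starts RP-initiated logout at the IdP. The
    // RedirectUri is protected inside the OIDC state, is checked by the handler
    // when the IdP calls back, and takes precedence over SignedOutRedirectUri.
    public IActionResult Logout()
    {
        var props = new AuthenticationProperties { RedirectUri = "/Home/LogoutComplete" };
        return SignOut(props, "Cookies", OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Reached only after the handler has finished with the callback; the user
    // is anonymous at this point, so the action must not require authentication.
    [AllowAnonymous]
    public IActionResult LogoutComplete() => View();
}
```

A quick check when debugging this class of issue: compare the path in the IdP's post_logout_redirect_uri with options.SignedOutCallbackPath and with the route of the action you expect to run; if the first two equal the third, the handler will answer the request before MVC sees it.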

0 answers:

No answers