我正在设置一个简单的 ASP.NET Core 2 MVC 应用程序,该应用程序通过外部 IdentityServer4 进行身份验证。在尝试实现应用程序本地用户存储之前,一切工作正常。当我向 Startup 添加基本的 services.AddIdentity ... 时,我仍然可以正常登录,但注销后不再自动重定向回该应用程序。我似乎丢失了 PostLogoutRedirectUri。我想知道是否需要在登录时将 idsrv 声明映射到本地声明,但不确定。正常与不正常之间的唯一区别是我添加了以下几行。
// Register ASP.NET Core Identity with the default user/role types, backed by the
// application's EF Core context, plus the default token providers (password reset,
// e-mail confirmation, etc.). Same registration as the one-liner chain, split per call.
var identityBuilder = services.AddIdentity<IdentityUser, IdentityRole>(_ => { });
identityBuilder.AddEntityFrameworkStores<ApplicationDbContext>();
identityBuilder.AddDefaultTokenProviders();
我尝试了各种注销方式,以包含 RedirectUri。例如,我已尝试过如下建议:
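/// <summary>
/// Registers EF Core, MVC, ASP.NET Core Identity and the cookie + OpenID Connect
/// authentication handlers used to sign in against the external IdentityServer4.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(ContextConnection));

    services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            options.Conventions.AuthorizePage("/api");
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    services.AddScoped<IApplicationDbContext, ApplicationDbContext>();

    // Keep the short JWT claim types (e.g. "sub") instead of remapping them to the long
    // WS-Federation URIs, so claim lookups by JwtClaimTypes.* match what the IdP issues.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    // AddIdentity registers its own authentication defaults, including
    // DefaultSignInScheme = IdentityConstants.ExternalScheme. The AddAuthentication call
    // below therefore has to override every default this app relies on, not only
    // DefaultScheme/DefaultChallengeScheme.
    services.AddIdentity<IdentityUser, IdentityRole>(options => { })
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";
            // Fix: with AddIdentity present, the OIDC handler would otherwise sign in to
            // Identity's short-lived external cookie instead of "mycookie". The id_token
            // (SaveTokens below) then lives in the wrong cookie, so sign-out cannot pass an
            // id_token_hint to IdentityServer — likely why the post-logout redirect is lost.
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
            options.Cookie.Name = "mycookie";
        })
        .AddAutomaticTokenManagement()
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://localhost:44345";
            // Development-only: allows the discovery document over plain HTTP. Keep true
            // outside local development so metadata cannot be served by a spoofed host.
            options.RequireHttpsMetadata = false;
            // Development-only placeholder; load the real secret from configuration or a
            // secret store rather than committing it with the source.
            options.ClientSecret = "secret";
            options.ClientId = "myapp";
            // Hybrid flow: the id_token arrives in the front channel, the code is redeemed
            // in the back channel with the client secret.
            options.ResponseType = "code id_token";
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.Scope.Add("hdiapi");
            options.Scope.Add("offline_access");
            // Copies every claim from the token/userinfo payload into the cookie principal.
            options.ClaimActions.MapAll();
            //options.ClaimActions.MapAllExcept("iss", "nbf", "exp", "aud", "nonce", "iat", "c_hash");
            options.GetClaimsFromUserInfoEndpoint = true;
            // Persist id_token/access_token/refresh_token in the sign-in cookie; the OIDC
            // handler reads the saved id_token from there when building the sign-out request.
            options.SaveTokens = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = JwtClaimTypes.Name,
                RoleClaimType = JwtClaimTypes.Role,
            };
        });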
AccountController
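/// <summary>
/// Signs the user out of the local cookie and of the external IdentityServer ("oidc").
/// </summary>
/// <returns>
/// A <see cref="SignOutResult"/> covering both schemes; the OIDC handler redirects to the
/// IdP end-session endpoint, receives the callback on its signout callback path and then
/// redirects to <c>RedirectUri</c>.
/// </returns>
public IActionResult Logout()
{
    var properties = new AuthenticationProperties
    {
        // Where to land after the IdP has called back. Url.Action takes an action name,
        // not an absolute address, so the previous Url.Action("https://...") produced no
        // usable route; an app-relative path keeps the redirect local.
        RedirectUri = Url.Content("~/"),
        Items = { { "scheme", "oidc" } }
    };

    // Clear the local cookie first, then end the remote session. The OIDC handler looks up
    // the saved id_token through its sign-out scheme's cookie to send an id_token_hint.
    return new SignOutResult(new[] { "Cookies", "oidc" }, properties);
}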
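/// <summary>
/// Completes an external (OpenID Connect) login: reads the principal the "oidc" handler
/// signed in, extracts the external user id and its issuer, and returns to Index.
/// </summary>
/// <returns>A redirect to the Index action.</returns>
/// <exception cref="InvalidOperationException">
/// The external authentication did not succeed, produced no principal, or the principal
/// carries neither a "sub" nor a NameIdentifier claim.
/// </exception>
[HttpGet]
public async Task<IActionResult> ExternalLoginCallback()
{
    // Read the external identity the OIDC handler persisted through its sign-in scheme.
    var result = await HttpContext.AuthenticateAsync("oidc");
    if (result?.Succeeded != true || result.Principal is null)
    {
        throw new InvalidOperationException("External authentication error");
    }

    var claims = result.Principal.Claims.ToList();

    // Unique id of the external user: "sub" is the OIDC standard, NameIdentifier is what
    // some other providers use. Ordinal comparison, as claim types are protocol identifiers.
    var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject)
        ?? claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
    if (userIdClaim is null)
    {
        throw new InvalidOperationException("Unknown userid");
    }

    var externalUserId = userIdClaim.Value;
    // The issuer disambiguates the subject: the same "sub" value from two providers is two
    // different users, so any local lookup or provisioning must key on
    // (externalProvider, externalUserId), never on externalUserId alone.
    var externalProvider = userIdClaim.Issuer;

    // TODO: use externalProvider and externalUserId to find the local user or provision one,
    // then sign the local principal in. Until then this action establishes no local session.
    return RedirectToAction("Index");
}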
我没有看到任何异常;我已从 IDSRV 退出登录,但它没有重定向回应用程序。