为什么在注销应用程序时丢失客户端PostLogoutRedirectUris?

时间:2019-06-01 14:48:11

标签: asp.net-core-2.0 identityserver4

我正在设置一个简单的 ASP.NET Core 2 MVC 应用程序，该应用程序在外部 IdentityServer4 上进行身份验证。在尝试实现应用程序本地用户存储之前，一切工作都很好。当我向 Startup 添加 services.AddIdentity ... 时，我仍然可以正常登录，但注销后不再自动重定向回该应用程序。我似乎丢失了 PostLogoutRedirectUri。我想知道是否需要在登录时将 IdentityServer（idsrv）的声明映射到本地声明，但并不确定。工作与不工作之间的唯一区别是我添加了以下几行。

// Registers ASP.NET Core Identity with EF Core stores and the default token providers.
// This is the only change the author reports between working and broken sign-out.
// NOTE(review): AddIdentity also registers Identity's own cookie schemes and default scheme
// names (including the sign-in scheme); confirm which cookie the "oidc" handler signs in to
// afterwards, since the stored id_token needed at sign-out lives in that cookie's ticket.
services.AddIdentity<IdentityUser, IdentityRole>(options => { })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

我尝试了各种注销方式，以包含 RedirectUri，例如：

I have tried the suggestions here:

 /// <summary>
 /// Startup service registration for the MVC client: EF Core context, MVC/Razor Pages, ASP.NET Core
 /// Identity, and cookie + OpenID Connect ("oidc") authentication against IdentityServer.
 /// </summary>
 /// <param name="services">The application's service collection.</param>
 /// <remarks>
 /// NOTE(review): the closing brace of this method is missing from the listing (paste truncation).
 /// </remarks>
 public void ConfigureServices(IServiceCollection services)
    {

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(ContextConnection));

        services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            // Pages under /api require an authenticated user.
            options.Conventions.AuthorizePage("/api");
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

        services.AddScoped<IApplicationDbContext, ApplicationDbContext>();

        // Stop the JWT handler renaming inbound claims to the long Microsoft claim URIs, so the
        // principal keeps short names such as "sub" (ExternalLoginCallback looks for "sub" first).
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        // This is the registration the author identifies as the difference between working and
        // broken sign-out. NOTE(review): AddIdentity registers Identity's own cookie schemes and
        // default scheme names (including the sign-in scheme); the AddAuthentication call below
        // only overrides DefaultScheme and DefaultChallengeScheme — confirm which cookie the
        // oidc handler signs in to, as that is where SaveTokens stores the id_token that the
        // oidc sign-out needs for id_token_hint.
        services.AddIdentity<IdentityUser, IdentityRole>(options => { })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders(); 




        // Only the default and challenge schemes are set here; sign-in/sign-out defaults are left
        // as registered earlier.
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";

        })

        // Registers the cookie scheme under its default name, "Cookies", which Logout signs out of.
        .AddCookie(options =>
        {

            options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
            options.Cookie.Name = "mycookie";
        })
      .AddAutomaticTokenManagement()
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://localhost:44345";
            // Permits a non-HTTPS discovery document. The Authority above is already HTTPS, so
            // this relaxation buys nothing here; keep it for local development only.
            options.RequireHttpsMetadata = false;
            // Secret committed in source — move it to configuration / user secrets.
            options.ClientSecret = "secret";
            options.ClientId = "myapp";
            // Hybrid flow: authorization code plus id_token from the authorize endpoint.
            options.ResponseType = "code id_token";
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.Scope.Add("hdiapi");
            options.Scope.Add("offline_access");

            // Copy every claim from the id_token / userinfo response into the cookie identity.
            options.ClaimActions.MapAll();
            //options.ClaimActions.MapAllExcept("iss", "nbf", "exp", "aud", "nonce", "iat", "c_hash");

            options.GetClaimsFromUserInfoEndpoint = true;
            // Keeps the tokens in the authentication properties of the sign-in cookie; the oidc
            // sign-out relies on the stored id_token to send id_token_hint to IdentityServer.
            options.SaveTokens = true;

            // Use the short JWT claim names for Name/Role, consistent with the cleared inbound map.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = JwtClaimTypes.Name,
                RoleClaimType = JwtClaimTypes.Role,
            };
        });
enter code here

AccountController

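/// <summary>
/// Signs the user out of the local "Cookies" session and of the external IdentityServer ("oidc")
/// session, then returns to this controller's Index action.
/// </summary>
/// <returns>A <see cref="SignOutResult"/> covering both schemes.</returns>
public IActionResult Logout()
{
    var properties = new AuthenticationProperties
    {
        // RedirectUri is where the oidc handler sends the browser AFTER IdentityServer has
        // redirected back to the handler's own sign-out callback endpoint (signout-callback-oidc).
        // It must therefore be a page of this application, not that callback URL. Url.Action also
        // takes an action name, not an absolute URL, so the original
        // Url.Action("https://localhost:44375/signout-callback-oidc") could never resolve.
        RedirectUri = Url.Action("Index"),
        Items = { { "scheme", "oidc" } }
    };

    // The oidc handler needs the id_token saved at sign-in (SaveTokens = true) to send
    // id_token_hint; without it IdentityServer cannot match the request to a client and so has no
    // PostLogoutRedirectUris to return to — the symptom reported above. NOTE(review): confirm that
    // "Cookies" is the scheme the oidc handler actually signed in to once AddIdentity is
    // registered, since AddIdentity sets its own sign-in scheme default.
    return new SignOutResult(new[] { "Cookies", "oidc" }, properties);
}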



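/// <summary>
/// Completes an external ("oidc") sign-in: reads the identity the oidc handler established,
/// extracts the external user id, and redirects to Index.
/// </summary>
/// <returns>A redirect to the Index action.</returns>
/// <exception cref="InvalidOperationException">
/// The external authentication did not succeed, produced no principal, or carried no user-id claim.
/// </exception>
[HttpGet]
public async Task<IActionResult> ExternalLoginCallback()
{
    // NOTE(review): authenticating against the remote "oidc" scheme is expected to be forwarded to
    // the scheme it signed in to — confirm that is the same cookie Logout clears.
    var result = await HttpContext.AuthenticateAsync("oidc");
    if (result?.Succeeded != true)
    {
        throw new InvalidOperationException("External authentication error");
    }

    var externalUser = result.Principal;
    if (externalUser is null)
    {
        throw new InvalidOperationException("External authentication error");
    }

    var claims = externalUser.Claims.ToList();

    // Unique id of the external user: "sub" when the inbound claim map was cleared in Startup,
    // otherwise the mapped NameIdentifier. Other providers may use yet another claim type.
    var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject)
                      ?? claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)
                      ?? throw new InvalidOperationException("Unknown userid");

    // (externalProvider, externalUserId) is the key to look up or provision the local user.
    var externalUserId = userIdClaim.Value;
    var externalProvider = userIdClaim.Issuer;
    // TODO: look up / provision the local user with externalProvider and externalUserId.

    return RedirectToAction("Index");
}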

我没有看到任何异常。我已退出 IDSRV，但它没有重定向回应用程序。

0 个答案:

没有答案