单点注销身份服务器4

我有一个.net核心2.0 mvc应用程序，它使用Identity Server 4来验证用户 . 我遇到了将用户从Identity Server中记录下来并清除我在mvc应用程序中创建的自定义cookie的问题 .

在mvc app中我触发注销：

await HttpContext.SignOutAsync("Cookies");
await HttpContext.SignOutAsync("oidc");

然后，我被重定向到Identity Server帐户控制器注销操作，该操作成功生成“您现在已注销”屏幕 . 在此之后，我希望用户被重定向到Identity Server登录页面，但是，当我导航到我的MVC应用程序时，我没有被要求再次登录，而是我已经过身份验证并且可以访问mvc应用程序 . 我很难理解当我刚注销时用户何时或如何重新进行身份验证 .

下面是我在MVC中启动的代码和IDSvr4中的客户端配置 .

Startup.cs in MVC App

services.AddAuthentication(options =>
        {                  
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";               

        })
        .AddCookie("Cookies", options =>
        {                
            options.Cookie.Name = "HubCookie";
            options.Cookie.Expiration = new TimeSpan(0, 5, 0);
            options.SlidingExpiration = true;
            options.ExpireTimeSpan = new TimeSpan(0, 5, 0);
            options.LogoutPath = "/home/logout";                
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.SignInScheme = "Cookies";
            options.SignOutScheme = "Cookies";

            options.Authority = "https://auth.test.com/";
            options.RequireHttpsMetadata = false;

            options.ClientId = "mvc";
            options.ClientSecret = "XXXXXX";
            options.ResponseType = "code id_token";

            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            options.ClaimActions.MapUniqueJsonKey("website", "website");

            options.Scope.Add("api1");
            options.Scope.Add("offline_access");
            options.Scope.Add("testScope");

            options.UseTokenLifetime = true;

            options.SignedOutRedirectUri = "http://localhost:5002/test/";
            //options.CallbackPath = "http://localhost:5002/division/";

});

Client Config in IDSvr4

new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

    RequireConsent = false,

    ClientSecrets =
    {
        new Secret("XXXXX".Sha256())
    },

    RedirectUris           = { "http://localhost:5002/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
    FrontChannelLogoutUri = "http://localhost:5002/home/logout",

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "api1", "testScope"
    },

    AbsoluteRefreshTokenLifetime = 300,
    SlidingRefreshTokenLifetime = 120,
    RefreshTokenUsage = TokenUsage.ReUse,
    RefreshTokenExpiration = TokenExpiration.Sliding,
    UpdateAccessTokenClaimsOnRefresh = true,
    AllowOfflineAccess = true,
    AccessTokenLifetime = 60
}