
IdentityServer Asp.net客户端强制注销超时


我有一个关于超时和 IdentityServer 的问题。目前我有一个通过 IdentityServer 授权的 Web Forms 客户端，它会签发 cookie。该 cookie 在 10 分钟不活动后过期，用户会被重定向到授权端点并自动重新授权。是否可以跳过这个重新验证步骤，直接将用户注销？如果做不到，能否至少强制用户回到身份服务器的登录页面？理想情况下，我不希望通过同一身份服务器授权的其他客户端也受这条十分钟超时规则约束。我目前的设置如下：

客户端 Startup：

/// <summary>
/// OWIN pipeline for the Web Forms client: a sliding 10-minute local session cookie
/// plus OpenID Connect ("code id_token") sign-in against the identity server.
/// </summary>
public class Startup
{
    /// <summary>
    /// Registers the cookie and OpenID Connect authentication middleware and
    /// pins the pipeline to the Authenticate stage.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType("Cookies");
        app.UseCookieAuthentication(BuildCookieOptions());
        app.UseOpenIdConnectAuthentication(BuildOpenIdConnectOptions());
        app.UseStageMarker(PipelineStage.Authenticate);
    }

    // Local session cookie. The 10-minute sliding window is purely client-side;
    // nothing here shortens the session the identity server itself keeps.
    private static CookieAuthenticationOptions BuildCookieOptions()
    {
        return new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            ExpireTimeSpan = TimeSpan.FromMinutes(10),
            SlidingExpiration = true
        };
    }

    // OpenID Connect options. The string values are placeholders; the real
    // authority, client id/secret and URLs belong in configuration, not in source.
    private static OpenIdConnectAuthenticationOptions BuildOpenIdConnectOptions()
    {
        var notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = ctx =>
            {
                // On logout, hand the identity server the id_token we stored at sign-in
                // (as id_token_hint) so it can match the request to the right session.
                var isLogout = ctx.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout;
                if (isLogout)
                {
                    var idTokenClaim = ctx.OwinContext.Authentication.User.FindFirst(Constants.ResponseTypes.IdToken);
                    ctx.ProtocolMessage.IdTokenHint = idTokenClaim?.Value;
                }

                return Task.FromResult(0);
            },
            SecurityTokenValidated = notification =>
            {
                // Keep the raw id_token in the local identity; it is read back on logout above.
                var identity = notification.AuthenticationTicket.Identity;
                var idTokenClaim = new Claim(Constants.ResponseTypes.IdToken, notification.ProtocolMessage.IdToken);
                identity.AddClaim(idTokenClaim);

                var properties = notification.AuthenticationTicket.Properties;
                notification.AuthenticationTicket = new AuthenticationTicket(identity, properties);

                return Task.FromResult(0);
            }
        };

        return new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "oidc",
            Authority = "IdentityUrl",
            ClientId = "ClientId",
            ClientSecret = "ClientSecret",
            RedirectUri = "RedirectUri",
            ResponseType = "code id_token",
            Scope = "scopes",
            PostLogoutRedirectUri = "PostLogoutRedirectUri",
            // Refuse a metadata document served over plain HTTP.
            RequireHttpsMetadata = true,
            // Cookie lifetime comes from the cookie options above, not from the token — presumably; verify against the middleware docs.
            UseTokenLifetime = false,
            Notifications = notifications
        };
    }
}

Default.aspx：

/// <summary>
/// Landing page: an authenticated request is sent to the home page; an anonymous
/// one is challenged so the OWIN authentication middleware registered in Startup
/// can start sign-in.
/// </summary>
public partial class _Default : HSTPage
{
    /// <summary>
    /// Redirects signed-in users and issues an authentication challenge for everyone else.
    /// </summary>
    /// <param name="sender">The page raising the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Context.Request.IsAuthenticated)
        {
            Response.Redirect("HomePageUrl");
            return;
        }

        // Return address handed to the middleware for after sign-in completes.
        var properties = new AuthenticationProperties { RedirectUri = "CallBackUrl" };
        var owinAuthentication = HttpContext.Current.GetOwinContext().Authentication;
        owinAuthentication.Challenge(properties);
    }
}

最后是身份服务器配置

// Identity server registration. The signing credential is loaded from the
// certificate store rather than embedded in the application.
var idpAssemblyName = GetAssemblyName<Startup>();
var identityServerBuilder = services.AddIdentityServer();

identityServerBuilder.AddSigningCredential(LoadCertificateFromStore(_configuration));

// Configuration and operational stores share one SQL Server database; the
// MigrationsAssembly points at this (IdP) assembly.
identityServerBuilder.AddConfigurationStore(store =>
    store.ConfigureDbContext = db =>
        db.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(idpAssemblyName)));

identityServerBuilder.AddOperationalStore(store =>
    store.ConfigureDbContext = db =>
        db.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(idpAssemblyName)));

identityServerBuilder.AddAspNetIdentity<IdentityUser>();

1 回答


在 RedirectToIdentityProvider 通知中添加 Challenge()：

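    RedirectToIdentityProvider = context =>
    {
        // On logout, send the id_token stored at sign-in as id_token_hint so the
        // identity server can end the matching session.
        if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
            context.ProtocolMessage.IdTokenHint = context.OwinContext.Authentication
                                                                     .User.FindFirst(Constants.ResponseTypes.IdToken)?.Value;

        // Fixed: the original referenced an undefined `n`; the lambda parameter is `context`.
        // NOTE(review): confirm this notification is ever raised with RequestType == Token —
        // if it is not, the Challenge() below never runs and the timeout question stays open.
        if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Token)
        {
            context.OwinContext.Authentication.Challenge();
        }

        return Task.FromResult(0);
    },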
    
