I am developing a web application for a customer. For authentication, the customer uses his own (custom) OIDC identity provider. I was able to implement login, registration and password reset. The task now is to implement sign-out.

When the user signs out, he is redirected to https://customoidc.example.com/ciam/logout?post_logout_redirect_uri=https%3a%2f%2flocalhost%3a4200%2faccount%2fsignout-callback. That is not a valid logout URL for the custom OIDC provider: it also requires the client ID. I cannot configure the middleware to send the client ID as a query-string parameter. How can I achieve that?

Appending the client ID in the configuration, `EndSessionEndpoint = ciamUrl + $"ciam/logout?client_id={clientId}"`, produces the malformed URL https://customoidc.exemple.com/ciam/logout?client_id={clientId}?post_logout_redirect_uri=https%3a%2f%2flocalhost%3a4200%2faccount%2fsignout-callback (double question mark).

This is what the authentication middleware looks like:
```csharp
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// clientId, redirectUri and ciamUrl are fields of the startup class.
public void ConfigureAuth(IAppBuilder app)
{
    var cookieAT = CookieAuthenticationDefaults.AuthenticationType;
    app.SetDefaultSignInAsAuthenticationType(cookieAT);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        // Must match the type the OIDC middleware signs in as and the
        // type SignOut() is later called with ("Cookies"), not "Cookie".
        AuthenticationType = cookieAT,
        AuthenticationMode = AuthenticationMode.Active
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        RedirectUri = redirectUri,
        // Static configuration instead of discovery: the endpoints are set by hand.
        Configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnectConfiguration
        {
            AuthorizationEndpoint = ciamUrl + "oidc10/auth/oauth/v2/authorize",
            TokenEndpoint = ciamUrl + "oidc10/auth/oauth/v2/token",
            UserInfoEndpoint = ciamUrl + "oidc10/openid/connect/v1/userinfo",
            // The middleware appends post_logout_redirect_uri to this value on sign-out.
            EndSessionEndpoint = ciamUrl + "ciam/logout"
        },
        ResponseType = "code",
        Scope = "openid ciam-uid email profile"
    });
}
```
Sign-out is triggered by the following code:

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

[RoutePrefix("account")]
public class AccountController : Controller
{
    [Route("signout")]
    public void SignOut()
    {
        // Absolute URL the provider should redirect back to after logout.
        string callbackUrl = Url.Action(
            actionName: "SignOutCallback",
            controllerName: "Account",
            routeValues: null,
            protocol: Request.Url.Scheme);

        var authnProperties = new AuthenticationProperties { RedirectUri = callbackUrl };
        var oidcAT = OpenIdConnectAuthenticationDefaults.AuthenticationType;
        var cookieAT = CookieAuthenticationDefaults.AuthenticationType;

        // Clears the local cookie session and redirects to the EndSessionEndpoint.
        var owinCtx = HttpContext.GetOwinContext();
        owinCtx.Authentication.SignOut(authnProperties, oidcAT, cookieAT);
    }
    ...
}
```
1 Answer

Changing the configuration to

```csharp
EndSessionEndpoint = ciamUrl + $"ciam/logout?client_id={clientId}"
```

combined with updating the NuGet package Microsoft.IdentityModel.Protocol.Extensions to version 1.0.4.403061554 (latest stable) did the trick.

Here is a similar post, Azure Active Directory B2C, 404 error, unexpected question mark in URL, which led to the answer.
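The malformed URL in the question comes from appending `?post_logout_redirect_uri=...` to an `EndSessionEndpoint` that already carries a query string. The following is an added example, not code from the question, the answer or the Katana middleware: a small helper that merges logout parameters into a base URL, choosing `&` when a query already exists, so that both the configured `client_id` and the middleware-supplied `post_logout_redirect_uri` land in one well-formed request. The `client_id` value, the callback and the `id_token_hint` placeholder are constructed for the demonstration; `id_token_hint` is the parameter OIDC RP-initiated logout uses so the provider can tie the request to the session, which the question does not mention.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: builds an OIDC end-session request URL without producing a
// second "?" when the configured endpoint already has a query string.
public static class EndSessionUrl
{
    public static string Build(string endSessionEndpoint, IDictionary<string, string> parameters)
    {
        if (string.IsNullOrEmpty(endSessionEndpoint))
            throw new ArgumentException("EndSessionEndpoint is required", nameof(endSessionEndpoint));

        // A fragment, if any, must stay after the query we append.
        string fragment = "";
        int hash = endSessionEndpoint.IndexOf('#');
        if (hash >= 0)
        {
            fragment = endSessionEndpoint.Substring(hash);
            endSessionEndpoint = endSessionEndpoint.Substring(0, hash);
        }

        // Percent-encode every key and value; skip empty parameters.
        string appended = string.Join("&", parameters
            .Where(kv => !string.IsNullOrEmpty(kv.Value))
            .Select(kv => Uri.EscapeDataString(kv.Key) + "=" + Uri.EscapeDataString(kv.Value)));
        if (appended.Length == 0)
            return endSessionEndpoint + fragment;

        // Already ends with a separator: append directly.
        if (endSessionEndpoint.EndsWith("?") || endSessionEndpoint.EndsWith("&"))
            return endSessionEndpoint + appended + fragment;

        // Otherwise start a query with "?" or continue an existing one with "&".
        char separator = endSessionEndpoint.Contains("?") ? '&' : '?';
        return endSessionEndpoint + separator + appended + fragment;
    }

    public static void Main()
    {
        const string clientId = "my-client-id";                    // constructed placeholder
        const string ciamUrl = "https://customoidc.example.com/";
        string callback = "https://localhost:4200/account/signout-callback";
        string baseEndpoint = ciamUrl + "ciam/logout?client_id=" + clientId;

        // Naive concatenation reproduces the double "?" from the question.
        string naive = baseEndpoint + "?post_logout_redirect_uri=" + Uri.EscapeDataString(callback);

        // Merged form: ...ciam/logout?client_id=my-client-id&post_logout_redirect_uri=...&id_token_hint=...
        string merged = Build(baseEndpoint, new Dictionary<string, string>
        {
            ["post_logout_redirect_uri"] = callback,
            ["id_token_hint"] = "<id_token from the signed-in session>"  // constructed placeholder
        });

        Console.WriteLine("naive:  " + naive);
        Console.WriteLine("merged: " + merged);
    }
}
```

The provider still decides whether the `post_logout_redirect_uri` it receives is one registered for that `client_id`; a well-formed request only gets the request past the parser, it does not relax that check.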