
Appending the client ID to the logout URL for OIDC using OWIN middleware


I am developing a web application for a client. For authentication, the client uses his own (custom) OIDC identity provider. I was able to implement login, registration and password reset. The task now is to implement logout.

When the user signs out, he is redirected to https://customoidc.example.com/ciam/logout?post_logout_redirect_uri=https%3a%2f%2flocalhost%3a4200%2faccount%2fsignout-callback. This is not a valid logout URL for the custom OIDC provider; it also requires the client ID. I cannot configure the middleware to send the client ID as a query string parameter. How can I achieve this?

Appending the client ID in the configuration, EndSessionEndpoint = ciamUrl + $"ciam/logout?client_id={clientId}", results in the malformed URL https://customoidc.exemple.com/ciam/logout?client_id={clientId}?post_logout_redirect_uri=https%3a%2f%2flocalhost%3a4200%2faccount%2fsignout-callback (double question mark).

This is what the authentication middleware looks like:

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Values assumed to be loaded from configuration (Web.config or similar).
    private static readonly string clientId = "client-id-placeholder";
    private static readonly string redirectUri = "https://localhost:4200/";
    private static readonly string ciamUrl = "https://customoidc.example.com/";

    public void ConfigureAuth(IAppBuilder app)
    {
        var cookieAT = CookieAuthenticationDefaults.AuthenticationType;
        app.SetDefaultSignInAsAuthenticationType(cookieAT);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // Must match the type used for sign-in and sign-out below ("Cookies"),
            // otherwise SignOut(..., cookieAT) never reaches this middleware.
            AuthenticationType = cookieAT,
            AuthenticationMode = AuthenticationMode.Active
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            RedirectUri = redirectUri,
            // Static provider metadata instead of discovery via .well-known/openid-configuration.
            Configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnectConfiguration
            {
                AuthorizationEndpoint = ciamUrl + "oidc10/auth/oauth/v2/authorize",
                TokenEndpoint = ciamUrl + "oidc10/auth/oauth/v2/token",
                UserInfoEndpoint = ciamUrl + "oidc10/openid/connect/v1/userinfo",
                EndSessionEndpoint = ciamUrl + "ciam/logout"
            },
            ResponseType = "code",
            Scope = "openid ciam-uid email profile"
        });
    }
}

Logout is triggered by the following code:

using System.Web;                         // GetOwinContext() extension (Microsoft.Owin.Host.SystemWeb)
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

[RoutePrefix("account")]
public class AccountController : Controller
{
    [Route("signout")]
    public void SignOut()
    {
        // Absolute URL of the local callback; it becomes post_logout_redirect_uri.
        string callbackUrl = Url.Action(
            actionName: "SignOutCallback",
            controllerName: "Account",
            routeValues: null,
            protocol: Request.Url.Scheme);
        var authnProperties = new AuthenticationProperties { RedirectUri = callbackUrl };
        var oidcAT = OpenIdConnectAuthenticationDefaults.AuthenticationType;
        var cookieAT = CookieAuthenticationDefaults.AuthenticationType;
        var owinCtx = HttpContext.GetOwinContext();
        // Signs out of both middlewares: clears the local cookie and redirects to the end-session endpoint.
        owinCtx.Authentication.SignOut(authnProperties, oidcAT, cookieAT);
    }

    ...
}

1 Answer

  • 0

    Change the configuration to

    EndSessionEndpoint = ciamUrl + $"ciam/logout?client_id={clientId}"

    combined with updating the NuGet package Microsoft.IdentityModel.Protocol.Extensions to version 1.0.4.403061554 (latest stable).

    Here is a similar post, Azure Active Directory B2C, 404 error, unexpected question mark in URL, that led to the answer.
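An alternative that avoids putting a query string into EndSessionEndpoint at all, added here as an example and not code from the question or the answer above: Katana's OpenIdConnect middleware raises the RedirectToIdentityProvider notification before it builds the end-session redirect, so client_id can be set on the protocol message and the middleware serializes all parameters into one well-formed query string. It assumes Microsoft.Owin.Security.OpenIdConnect 3.x with Microsoft.IdentityModel.Protocol.Extensions 1.0.x (where the enum member is OpenIdConnectRequestType.LogoutRequest); the names clientId, redirectUri and ciamUrl are taken from the question, and their values below are placeholders.

```csharp
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder values; in a real app these come from configuration.
    private static readonly string clientId = "client-id-placeholder";
    private static readonly string redirectUri = "https://localhost:4200/";
    private static readonly string ciamUrl = "https://customoidc.example.com/";

    public void ConfigureAuth(IAppBuilder app)
    {
        var cookieAT = CookieAuthenticationDefaults.AuthenticationType;
        app.SetDefaultSignInAsAuthenticationType(cookieAT);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = cookieAT,
            AuthenticationMode = AuthenticationMode.Active
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            RedirectUri = redirectUri,
            Configuration = new OpenIdConnectConfiguration
            {
                AuthorizationEndpoint = ciamUrl + "oidc10/auth/oauth/v2/authorize",
                TokenEndpoint = ciamUrl + "oidc10/auth/oauth/v2/token",
                UserInfoEndpoint = ciamUrl + "oidc10/openid/connect/v1/userinfo",
                // Kept free of any query string: the middleware appends "?" plus its
                // own parameters, which is what produced the "??" in the question.
                EndSessionEndpoint = ciamUrl + "ciam/logout"
            },
            ResponseType = "code",
            Scope = "openid ciam-uid email profile",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Invoked for the authorize redirect and for the end-session redirect.
                RedirectToIdentityProvider = n =>
                {
                    // Only the logout request needs the extra parameter; the authorize
                    // request already carries client_id.
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        // Sets the client_id parameter on the message; post_logout_redirect_uri
                        // is already present, and CreateLogoutRequestUrl() joins them correctly.
                        n.ProtocolMessage.ClientId = n.Options.ClientId;
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The RequestType check matters because the same notification fires for the login redirect; guarding on LogoutRequest leaves the authorize request exactly as the middleware builds it. The resulting redirect has the shape https://customoidc.example.com/ciam/logout?post_logout_redirect_uri=...&client_id=..., and the value used for post_logout_redirect_uri still has to be one the provider has registered for this client.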
