如何防止 SignOutResult 导致重定向循环?
How to prevent SignOutResult from resulting in a redirect loop?
我在基于 Microsoft 提供的 MusicStore 示例的 AccountController 中使用注销方法:
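public class AccountController : Controller
{
    /// <summary>
    /// Signs the user out of both the local cookie session and the OpenID Connect provider,
    /// then lands on Home/Index.
    /// </summary>
    /// <returns>
    /// A <see cref="SignOutResult"/> covering both schemes. Signing out of "OpenIdConnect"
    /// alone leaves the "Cookies" session (the SignInScheme configured in Startup) valid, so
    /// the user is never actually logged out locally.
    /// </returns>
    public Task<IActionResult> Logout()
    {
        var properties = new AuthenticationProperties
        {
            // NOTE(review): this is a relative path. The provider receives it as
            // post_logout_redirect_uri, and providers generally only accept an absolute,
            // pre-registered URL for that parameter - confirm what yours requires.
            RedirectUri = Url.Action("Index", "Home")
        };

        // "Cookies" is CookieAuthenticationDefaults.AuthenticationScheme, i.e. the SignInScheme
        // from Startup. Both schemes must be cleared; the cookie alone keeps the user signed in.
        var schemes = new[] { "Cookies", "OpenIdConnect" };

        // Whatever the landing page is (Home/Index here), it must be reachable anonymously:
        // the global RequireAuthenticatedUser filter plus AutomaticChallenge would otherwise
        // bounce the freshly signed-out user straight back to the provider.
        IActionResult result = new SignOutResult(schemes, properties);

        // Nothing is awaited here, so return a completed task instead of an async method
        // with no await.
        return Task.FromResult(result);
    }
}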
(我们正在使用 OpenID Connect 进行身份验证。)
此方法不会注销用户;相反,它会在无限循环中重定向回自身。
.NET Core 1.0.0 在使用 OpenID Connect 时注销用户的正确方法是什么?
更新:
我尝试使用下面的 SignOut 方法,但最终陷入了 302 重定向循环
/Account/SignOut?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A10565%2FAccount%2FSignedOut
更多信息:
我们在 Startup.cs 中的身份验证设置:
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        // The cookie scheme holds the local session that the OIDC handler signs into.
        // Any sign-out must therefore clear this scheme as well, not just "OpenIdConnect".
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
    services.AddMvc(options =>
    {
        // Globally require users to be authenticated for all controller actions
        // NOTE(review): this also covers the post-logout landing action(s). With AutomaticChallenge
        // enabled on the OIDC middleware, an unauthenticated request to the landing page is
        // challenged and redirected back to the provider - mark those actions [AllowAnonymous].
        options.Filters.Add(
            new AuthorizeFilter(
                new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build()));
    });
...
public void Configure(IApplicationBuilder app,
ILoggerFactory loggerFactory,
IHostingEnvironment env)
{
...
// Cookie middleware owns the local session; the OIDC handler signs into it (SignInScheme above).
app.UseCookieAuthentication(new CookieAuthenticationOptions());
OpenIdConnectOptions opts = new OpenIdConnectOptions()
{
    ClientId = Configuration["Oidc:ClientId"],
    ClientSecret = Configuration["Oidc:ClientSecret"],
    Authority = Configuration["Oidc:BaseUrl"],
    // Authorization-code flow; the code/token exchange is what the ClientSecret above is for.
    ResponseType = OpenIdConnectResponseType.Code,
    AutomaticAuthenticate = true,
    // Turns 401 challenges - including those produced by the global AuthorizeFilter on a
    // post-logout page - into redirects to the provider.
    AutomaticChallenge = true
};
// NOTE(review): this is a custom middleware type rather than app.UseOpenIdConnect(opts); how it
// handles sign-out (end_session_endpoint from discovery, post_logout_redirect_uri) is not visible
// here. A 302 loop whose target is the sign-out action itself with only ?post_logout_redirect_uri=...
// looks like a logout request built against an empty end-session endpoint (a relative URL that
// resolves back to the current page) - confirm the provider's discovery document publishes
// end_session_endpoint, or supply it explicitly on the options' Configuration.
app.UseMiddleware<OktaOidcMiddleware>(Options.Create(opts));
以下是我用于 Azure Active Directory OIDC 注销的内容
/// <summary>
/// Ends the local cookie session and starts the OpenID Connect end-session round trip.
/// </summary>
/// <returns>
/// A sign-out result covering the cookie scheme and the OIDC scheme; the provider is expected
/// to send the browser back to <c>/Account/SignedOut</c> afterwards.
/// </returns>
public IActionResult SignOut()
{
    // Absolute URL (scheme included) because it is handed to the provider as post_logout_redirect_uri.
    // NOTE(review): most providers only honour a post_logout_redirect_uri that is pre-registered
    // for this client - confirm it is registered.
    string landingPage = Url.Action("SignedOut", "Account", values: null, protocol: Request.Scheme);

    var properties = new AuthenticationProperties();
    properties.RedirectUri = landingPage;

    string[] schemes =
    {
        CookieAuthenticationDefaults.AuthenticationScheme,
        OpenIdConnectDefaults.AuthenticationScheme
    };
    return SignOut(properties, schemes);
}
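/// <summary>
/// Clears the local authentication cookie only; never redirects to the identity provider.
/// </summary>
/// <remarks>
/// Intended to be hit by the provider's single sign-out request (see comment below), which may
/// arrive when no valid cookie is present. The global RequireAuthenticatedUser filter registered in
/// Startup would otherwise challenge that request instead of letting it end the session.
/// NOTE(review): as a plain GET that ends the session it can also be triggered cross-site
/// (logout CSRF); if the provider's request is the only intended caller, restrict it accordingly.
/// </remarks>
[Microsoft.AspNetCore.Authorization.AllowAnonymous]
public async Task EndSession()
{
    // If AAD sends a single sign-out message to the app, end the user's session, but don't redirect to AAD for sign out.
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}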
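/// <summary>
/// Landing page the identity provider returns to once its own sign-out has finished.
/// </summary>
/// <remarks>
/// Must be reachable anonymously: Startup registers a global RequireAuthenticatedUser filter and
/// the OIDC middleware has AutomaticChallenge enabled, so an authenticated-only landing page
/// challenges the user who has just signed out and sends them straight back to the provider,
/// producing a redirect loop.
/// </remarks>
/// <returns>The signed-out view.</returns>
[Microsoft.AspNetCore.Authorization.AllowAnonymous]
public async Task<IActionResult> SignedOut()
{
    // The cookie can still be valid if the provider sent us here without the local
    // sign-out having run (e.g. provider-initiated sign-out); clear it now.
    if (HttpContext.User.Identity.IsAuthenticated)
    {
        await EndSession();
    }
    return View();
}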
我在基于 Microsoft 提供的 MusicStore 示例的 AccountController 中使用注销方法:
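public class AccountController : Controller
{
    /// <summary>
    /// Signs the user out of both the local cookie session and the OpenID Connect provider,
    /// then lands on Home/Index.
    /// </summary>
    /// <returns>
    /// A <see cref="SignOutResult"/> covering both schemes. Signing out of "OpenIdConnect"
    /// alone leaves the "Cookies" session (the SignInScheme configured in Startup) valid, so
    /// the user is never actually logged out locally.
    /// </returns>
    public Task<IActionResult> Logout()
    {
        var properties = new AuthenticationProperties
        {
            // NOTE(review): this is a relative path. The provider receives it as
            // post_logout_redirect_uri, and providers generally only accept an absolute,
            // pre-registered URL for that parameter - confirm what yours requires.
            RedirectUri = Url.Action("Index", "Home")
        };

        // "Cookies" is CookieAuthenticationDefaults.AuthenticationScheme, i.e. the SignInScheme
        // from Startup. Both schemes must be cleared; the cookie alone keeps the user signed in.
        var schemes = new[] { "Cookies", "OpenIdConnect" };

        // Whatever the landing page is (Home/Index here), it must be reachable anonymously:
        // the global RequireAuthenticatedUser filter plus AutomaticChallenge would otherwise
        // bounce the freshly signed-out user straight back to the provider.
        IActionResult result = new SignOutResult(schemes, properties);

        // Nothing is awaited here, so return a completed task instead of an async method
        // with no await.
        return Task.FromResult(result);
    }
}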
(我们正在使用 OpenID Connect 进行身份验证。)
此方法不会注销用户;相反,它会在无限循环中重定向回自身。
.NET Core 1.0.0 在使用 OpenID Connect 时注销用户的正确方法是什么?
更新:
我尝试使用下面的 SignOut 方法,但最终陷入了 302 重定向循环
/Account/SignOut?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A10565%2FAccount%2FSignedOut
更多信息:
我们在 Startup.cs 中的身份验证设置:
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        // The cookie scheme holds the local session that the OIDC handler signs into.
        // Any sign-out must therefore clear this scheme as well, not just "OpenIdConnect".
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
    services.AddMvc(options =>
    {
        // Globally require users to be authenticated for all controller actions
        // NOTE(review): this also covers the post-logout landing action(s). With AutomaticChallenge
        // enabled on the OIDC middleware, an unauthenticated request to the landing page is
        // challenged and redirected back to the provider - mark those actions [AllowAnonymous].
        options.Filters.Add(
            new AuthorizeFilter(
                new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build()));
    });
...
public void Configure(IApplicationBuilder app,
ILoggerFactory loggerFactory,
IHostingEnvironment env)
{
...
// Cookie middleware owns the local session; the OIDC handler signs into it (SignInScheme above).
app.UseCookieAuthentication(new CookieAuthenticationOptions());
OpenIdConnectOptions opts = new OpenIdConnectOptions()
{
    ClientId = Configuration["Oidc:ClientId"],
    ClientSecret = Configuration["Oidc:ClientSecret"],
    Authority = Configuration["Oidc:BaseUrl"],
    // Authorization-code flow; the code/token exchange is what the ClientSecret above is for.
    ResponseType = OpenIdConnectResponseType.Code,
    AutomaticAuthenticate = true,
    // Turns 401 challenges - including those produced by the global AuthorizeFilter on a
    // post-logout page - into redirects to the provider.
    AutomaticChallenge = true
};
// NOTE(review): this is a custom middleware type rather than app.UseOpenIdConnect(opts); how it
// handles sign-out (end_session_endpoint from discovery, post_logout_redirect_uri) is not visible
// here. A 302 loop whose target is the sign-out action itself with only ?post_logout_redirect_uri=...
// looks like a logout request built against an empty end-session endpoint (a relative URL that
// resolves back to the current page) - confirm the provider's discovery document publishes
// end_session_endpoint, or supply it explicitly on the options' Configuration.
app.UseMiddleware<OktaOidcMiddleware>(Options.Create(opts));
以下是我用于 Azure Active Directory OIDC 注销的内容
/// <summary>
/// Ends the local cookie session and starts the OpenID Connect end-session round trip.
/// </summary>
/// <returns>
/// A sign-out result covering the cookie scheme and the OIDC scheme; the provider is expected
/// to send the browser back to <c>/Account/SignedOut</c> afterwards.
/// </returns>
public IActionResult SignOut()
{
    // Absolute URL (scheme included) because it is handed to the provider as post_logout_redirect_uri.
    // NOTE(review): most providers only honour a post_logout_redirect_uri that is pre-registered
    // for this client - confirm it is registered.
    string landingPage = Url.Action("SignedOut", "Account", values: null, protocol: Request.Scheme);

    var properties = new AuthenticationProperties();
    properties.RedirectUri = landingPage;

    string[] schemes =
    {
        CookieAuthenticationDefaults.AuthenticationScheme,
        OpenIdConnectDefaults.AuthenticationScheme
    };
    return SignOut(properties, schemes);
}
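/// <summary>
/// Clears the local authentication cookie only; never redirects to the identity provider.
/// </summary>
/// <remarks>
/// Intended to be hit by the provider's single sign-out request (see comment below), which may
/// arrive when no valid cookie is present. The global RequireAuthenticatedUser filter registered in
/// Startup would otherwise challenge that request instead of letting it end the session.
/// NOTE(review): as a plain GET that ends the session it can also be triggered cross-site
/// (logout CSRF); if the provider's request is the only intended caller, restrict it accordingly.
/// </remarks>
[Microsoft.AspNetCore.Authorization.AllowAnonymous]
public async Task EndSession()
{
    // If AAD sends a single sign-out message to the app, end the user's session, but don't redirect to AAD for sign out.
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}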
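/// <summary>
/// Landing page the identity provider returns to once its own sign-out has finished.
/// </summary>
/// <remarks>
/// Must be reachable anonymously: Startup registers a global RequireAuthenticatedUser filter and
/// the OIDC middleware has AutomaticChallenge enabled, so an authenticated-only landing page
/// challenges the user who has just signed out and sends them straight back to the provider,
/// producing a redirect loop.
/// </remarks>
/// <returns>The signed-out view.</returns>
[Microsoft.AspNetCore.Authorization.AllowAnonymous]
public async Task<IActionResult> SignedOut()
{
    // The cookie can still be valid if the provider sent us here without the local
    // sign-out having run (e.g. provider-initiated sign-out); clear it now.
    if (HttpContext.User.Identity.IsAuthenticated)
    {
        await EndSession();
    }
    return View();
}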