c# – 如何在thinktecture IdentityServer中禁用自动登录

2019年7月28日 175次阅读

我有一个MVC应用程序,由identityserver管理授权.当我第一次访问我的网站时,它会重定向到身份服务器登录页面,然后我再次被重定向到我的网站.

我的问题是,如果我注销身份服务器,当我再次访问我的网站(使用身份服务器授权)时,我被重定向到身份服务器,但登录自动完成,让我访问我的网站,而无需将用户/密码放入身份服务器.

我认为这是因为cookie在客户端仍然存在(如果我在浏览器中手动删除所有cookie,则需要用户/传递).

如何禁用自动登录(强制始终需要用户/通行证)?

我的启动客户端配置如下:

 app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            LoginPath = new PathString("/Home/Logged/"),
            AuthenticationType = "Cookies",
            ExpireTimeSpan = TimeSpan.FromDays(2),
            SlidingExpiration = true,
            CookieName = ".AspNet.MyApp"

        });


        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "MyApp",
            Authority = IS_URL,
            RedirectUri = localHostURL + "/Home/Logged/",
            PostLogoutRedirectUri = localHostURL + "/Account/Login/",
            ResponseType = "code id_token token", 
            Scope = "openid profile read write sampleApi",
            SignInAsAuthenticationType = "Cookies",

            UseTokenLifetime = true,

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = async n =>
                {
                    var nid = new ClaimsIdentity(
                        n.AuthenticationTicket.Identity.AuthenticationType,
                        "given_name",
                        "role");

                    // get userinfo data
                    var userInfoClient = new UserInfoClient(
                        new System.Uri(n.Options.Authority + "/connect/userinfo"),
                        n.ProtocolMessage.AccessToken);

                    var userInfo = await userInfoClient.GetAsync();
                    userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Item1, ui.Item2)));

                    //keep the id_token for logout

                   nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                   // add access token for sample API
                   nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                    // keep track of access token expiration
                    nid.AddClaim(new Claim("expires_at", TimeSpan.FromDays(2).ToString()));

                    // add some other app specific claim
                    nid.AddClaim(new Claim("app_specific", "some data"));

                    n.AuthenticationTicket = new AuthenticationTicket(
                        nid,
                        n.AuthenticationTicket.Properties);
                },
                RedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        }
                    }

                    return Task.FromResult(0);
                }
            }
        });

提前致谢!

最佳答案 要从identityserver注销,您需要重定向到结束会话端点.

通常/连接/结束.只有这样才能清除认证会话cookie.

看规范:
https://openid.net/specs/openid-connect-session-1_0.html#RPLogout

点赞