[英]Use HttpPost for Logout in OWIN/Katana authentication manager
Is there a way to force the Katana authentication manager to call the Logout endpoint from IdentityServer3 with a HttpPost instead of a HttpGet method? 有没有办法强制Katana身份验证管理器使用HttpPost而不是HttpGet方法从IdentityServer3调用Logout端点?
I currently use this method to call the endsession endpoint from IdentityServer3 (according to this tutorial): 我目前使用此方法从IdentityServer3调用endsession端点(根据本教程):
public ActionResult Logout()
{
// standard way with HTTP GET
Request.GetOwinContext().Authentication.SignOut();
return Redirect("/");
}
I need this, because the URL would have more than 2000 chars and this will lead to some errors. 我需要这个,因为URL将有超过2000个字符,这将导致一些错误。
Thx for help 谢谢你的帮助
Sadly the OWIN middleware is not supporting HttpPost sign-out actions. 遗憾的是,OWIN中间件不支持HttpPost注销操作。 As a workaround, you can manually post the necessary parameter to the end session endpoint
作为解决方法,您可以手动将必要的参数发布到结束会话端点
I provide a link in my MVC5 application, so that a user is able to logout: 我在我的MVC5应用程序中提供了一个链接,以便用户能够注销:
@{
Claim idTokenHintClaim = Request.GetOwinContext().Authentication.User.FindFirst("id_token");
string idTokenHint = idTokenHintClaim != null
? idTokenHintClaim.Value
: null;
}
<form action="https://.../core/endsession" method="POST" id="logoutForm">
<input type="hidden" name="id_token_hint" value="@idTokenHint"/>
<input type="hidden" name="post_logout_redirect_uri" value="@PostLogoutRedirectUrl"/>
</form>
<a href="javascript:document.getElementById('logoutForm').submit()">
Logout
</a>
The IdentityServer3 is doing its job and destroys the current user session. IdentityServer3正在执行其工作并销毁当前用户会话。 After that IdentityServer3 is calling our
@PostLogoutRedirectUrl
. 之后,IdentityServer3正在调用我们的
@PostLogoutRedirectUrl
。 The @PostLogoutRedirectUrl
is pointing to an controller method of the MVC application: @PostLogoutRedirectUrl
指向MVC应用程序的控制器方法:
public ActionResult LogoutCallback()
{
HttpCookie cookie = new HttpCookie("SecureCookieName");
cookie.HttpOnly = true;
cookie.Expires = new DateTime(1999, 10, 12);
Response.Cookies.Remove("SecureCookieName");
Response.Cookies.Add(cookie);
SetPasswordResetHint();
return RedirectToAction("Index");
}
I hope the support for HttpPost methods will be added in the OWIN middleware soon. 我希望很快就会在OWIN中间件中添加对HttpPost方法的支持。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.