How to logout user with ajax in IdentityServer3

I configured my IdentityServer project to skip the logout page. It shows the logout page for one or two seconds. But I set PostSignOutAutoRedirectDelay=0, so I want to log out the user with ajax. But I get: Response for preflight has invalid HTTP status code 405. And my log file says:

    2018-02-07 11:49:40.475 +03:30 [Information] End authorize request
    2018-02-07 11:49:40.479 +03:30 [Information] Posting to http://localhost:14600/
    2018-02-07 11:49:40.480 +03:30 [Debug] Using DefaultViewService to render authorization response HTML
    2018-02-07 11:49:57.949 +03:30 [Information] CORS request made for path: "/connect/endsession" from origin: "http://localhost:14600" but rejected because invalid CORS path

Here is my client class code:

And my startup class:

    public void Configuration(IAppBuilder app)
    {

        app.Map("/identity", idsrvApp =>
        {
            var factory =
                new IdentityServerServiceFactory().UseInMemoryClients(Clients.Get())
                                                  .UseInMemoryScopes(Scopes.Get())
                                                  .UseInMemoryUsers(Users.Get());

            var userService = new UserService();


            factory.UserService = new Registration<IUserService>(resolve => userService);
            var viewOptions = new DefaultViewServiceOptions();
            viewOptions.CacheViews = false;
            factory.ConfigureDefaultViewService(viewOptions);
            var options = new IdentityServerOptions
            {
                SigningCertificate = LoadCertificate(),

                Factory = factory,
                Endpoints = new EndpointOptions()
                {
                    EnableCspReportEndpoint = true,
                    EnableAuthorizeEndpoint = true,
                    EnableTokenRevocationEndpoint = true,
                    EnableEndSessionEndpoint = true,
                    EnableCheckSessionEndpoint = true,
                    EnableUserInfoEndpoint = true,
                    EnableDiscoveryEndpoint = true,
                    EnableTokenEndpoint = true,
                    EnableIdentityTokenValidationEndpoint = true,
                    EnableClientPermissionsEndpoint = true,
                    EnableAccessTokenValidationEndpoint = true,
                    EnableIntrospectionEndpoint = true
                },
                AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
                {
                    // sign out without a confirmation prompt
                    EnablePostSignOutAutoRedirect = true,
                    EnableSignOutPrompt = false,
                    PostSignOutAutoRedirectDelay = 0


                    //   IdentityProviders = ConfigureAdditionalIdentityProviders,
                }
            };

            idsrvApp.UseIdentityServer(options);
        });

        string ss = HttpContext.Current.Server.MapPath("~/Content/identity.log");
        Serilog.Log.Logger =
            new LoggerConfiguration().MinimumLevel.Debug()
                .WriteTo.RollingFile(pathFormat: ss)
                .CreateLogger();
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });


        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = ConfigurationManager.AppSettings["Authority"],

            ClientId = "Identity",
            Scope = "openid profile roles sampleApi",
            ResponseType = "id_token token",
            RedirectUri = ConfigurationManager.AppSettings["RedirectUri"],

            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false,
            PostLogoutRedirectUri= "https://www.google.com",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = async n =>
                {
                    var nid = new ClaimsIdentity(
                        n.AuthenticationTicket.Identity.AuthenticationType,
                        Constants.ClaimTypes.GivenName,
                        Constants.ClaimTypes.Role);
                    // get userinfo data
                    var userInfoClient = new UserInfoClient(
                        new Uri(n.Options.Authority + "/connect/userinfo"),
                        n.ProtocolMessage.AccessToken);

                    var userInfo = await userInfoClient.GetAsync();
                    userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Item1, ui.Item2)));

                    // keep the id_token for logout
                    nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                    // add access token for sample API
                    nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                    // keep track of access token expiration
                    nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString()));

                    // add some other app specific claim
                    nid.AddClaim(new Claim("app_specific", "some data"));

                    n.AuthenticationTicket = new AuthenticationTicket(
                        nid,
                        n.AuthenticationTicket.Properties);
                },

                RedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        }
                    }

                    return Task.FromResult(0);
                }
            }
        });
    }

And my action:

    public ActionResult Logout()
    {
        Request.GetOwinContext().Authentication.SignOut();
        return Redirect("/");
    }

IdentityServer 3 (and 4) is an implementation of OpenID Connect and some of its extensions that are currently implementer's drafts. In OpenID Connect there is no way to issue a logout request via ajax. You have two ways to log out... assuming you're using the front-channel (user agent):

  • Clear your application session. This will log the user out of the current application (RP), not the OpenID provider.
  • Issue a request to the end session endpoint and have your application listen for a logout request on a pre-configured logout URL to clear the local session. This will log you out of all applications.
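
The second option above, done as a top-level browser navigation instead of an XHR, shown as an added example that is not part of the original question or answer. The `/connect/endsession` path comes from the log in the question; the function names, the authority URL, the token and the `state` value are assumptions or constructed samples, and `id_token_hint`, `post_logout_redirect_uri` and `state` are the OpenID Connect logout parameters.

```javascript
// Added example (not the asker's or IdentityServer's code).
// END_SESSION_PATH is the path shown in the question's log; all other
// names and sample values are hypothetical.
const END_SESSION_PATH = '/connect/endsession';

// Build the front-channel end-session URL for the OpenID provider.
function buildEndSessionUrl({ authority, idToken, postLogoutRedirectUri, state }) {
  const base = new URL(authority);
  if (base.protocol !== 'https:' && base.hostname !== 'localhost') {
    throw new Error('authority must use https outside local development');
  }
  const path = base.pathname.replace(/\/+$/, '') + END_SESSION_PATH;
  const url = new URL(path, base.origin);
  if (idToken) url.searchParams.set('id_token_hint', idToken);
  if (postLogoutRedirectUri) {
    // Rule of this example: send a return URI only together with
    // id_token_hint, so the provider can tie it to a registered client.
    if (!idToken) throw new Error('post_logout_redirect_uri needs id_token_hint');
    url.searchParams.set('post_logout_redirect_uri', new URL(postLogoutRedirectUri).href);
    if (state) url.searchParams.set('state', state);
  }
  return url.href;
}

// Log out by navigating the whole window: the provider's session cookie is
// sent on a normal GET, and no CORS preflight is involved.
// `win` is the browser's window object, injected so this can be tested.
function logoutViaRedirect(win, options) {
  const target = buildEndSessionUrl(options);
  win.location.assign(target);
  return target;
}

// On the post-logout page, accept the round trip only if `state` matches
// the value this application stored before redirecting.
function isExpectedLogoutReturn(returnUrl, expectedState) {
  const got = new URL(returnUrl).searchParams.get('state');
  return typeof expectedState === 'string' && expectedState.length > 0 &&
    got === expectedState;
}
```

In the browser, call `logoutViaRedirect(window, {...})` after the local application session has been cleared, with `state` set to a fresh random value kept in session storage.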
