在.NET Core中使用Azure AD身份验证时如何指定自定义注销URL [英] How to specify custom logout URL when using Azure AD authentication in .NET core

问题描述

我有一个使用工作或学校帐户(Azure AD身份验证)的ASP.NET core 2.2 Web应用程序.当我退出时，应用程序最终显示在

I have an ASP.NET core 2.2 web application that uses work or school accounts (Azure AD authentication). When I sign out, the application ends up at

/AzureAD/帐户/已注销

/AzureAD/Account/SignedOut

我希望它使用在应用程序注册中指定的注销URL重定向回到首页.参见下面的屏幕截图.在此处指定注销URL时，Azure AD实际上会调用该页面(以清除会话数据)，但是最终它最终在/AzureAD/Account/SignedOut位置结束.我在其他任何地方都看不到要指定注销URL的等效项.这是使用Azure AD身份验证时Visual Studio生成的退出按钮的代码.

I'd like for it to redirect back to the home page using the Logout URL specified in the application registration. See below for screenshot. When specifying a logout URL here, Azure AD does in fact call that page (to clear session data), but then it finally ends up at the /AzureAD/Account/SignedOut location. I don't see anywhere else to specify the equivalent of a logout URL. Here is the code for the sign out button as generated by Visual Studio when using Azure AD authentication.

<a asp-area="AzureAD" asp-controller="Account" asp-action="SignOut">Sign out</a>

我还尝试过将重定向直接添加到操作中.

I've also tried adding the redirect directly onto the action.

<a asp-area="AzureAD" asp-controller="Account" asp-route-post_logout_redirect_uri="https://localhost:44381" asp-action="SignOut">Sign out</a>

推荐答案

发生此问题是因为嵌入的

The issue happens because the embeded AccountController.cs in ASP.NET core returns to the URL you mentioned:

        [HttpGet("{scheme?}")]
        public IActionResult SignOut([FromRoute] string scheme)
        {
            scheme = scheme ?? AzureADDefaults.AuthenticationScheme;
            var options = Options.Get(scheme);
            var callbackUrl = Url.Page("/Account/SignedOut", pageHandler: null, values: null, protocol: Request.Scheme);
            return SignOut(
                new AuthenticationProperties { RedirectUri = callbackUrl },
                options.CookieSchemeName,
                options.OpenIdConnectSchemeName);
        }

一种解决方法是构建您自己的AccountController，而不使用ASP.NET CORE随附的默认控制器，如下所示:

A workaround is to build you own AccountController instead of using the default one shipped with ASP.NET CORE, like below:

 public class AccountController : Controller
    {
        [HttpGet]
        public IActionResult SignIn()
        {
            var redirectUrl = Url.Action(nameof(HomeController.Index), "Home");
            return Challenge(
                new AuthenticationProperties { RedirectUri = redirectUrl },
                OpenIdConnectDefaults.AuthenticationScheme);
        }

        [HttpGet]
        public IActionResult SignOut()
        {
            var callbackUrl = Url.Action(nameof(SignedOut), "Account", values: null, protocol: Request.Scheme);
            return SignOut(
                new AuthenticationProperties { RedirectUri = callbackUrl },
                CookieAuthenticationDefaults.AuthenticationScheme,
                OpenIdConnectDefaults.AuthenticationScheme);
        }

        [HttpGet]
        public IActionResult SignedOut()
        {
            if (User.Identity.IsAuthenticated)
            {
                // Redirect to home page if the user is authenticated.
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            return RedirectToAction(nameof(HomeController.Index), "ThePathYouWant");
        }

        [HttpGet]
        public IActionResult AccessDenied()
        {
            return View();
        }
    }

这篇关于在.NET Core中使用Azure AD身份验证时如何指定自定义注销URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！