如何覆盖发布注销重定向网址 [英] How to overwrite post logout redirect url

问题描述

我正在使用IdentityServer3，并且具有ASP.NET Core作为客户端应用程序.

I am using IdentityServer3 and i have ASP.NET Core as Client application.

这是我的LoggOff操作方法

Here is my LoggOff action method

    [HttpPost]
    public async Task LogOff()
    {
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, OpenIdConnectDefaults.AuthenticationScheme);
    }

用户注销后，我在提琴手中看到以下重定向

When user logs out i see the following redirects in fiddler

   GET /identity/connect/endsession?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44352%2Fsignout-callback-oidc&state=XXXXXX&x-client-SKU=XXXXXX&x-client-ver=5.3.0.0 HTTP/1.1

   GET /identity/logout?id=XXXXXXXXXX 

   GET /identity/connect/endsessioncallback?sid=XXXXXXX

，并最终在浏览器中将URL设置为/identity/logout?id = XXXXXXXXXX .这些是身份服务器的URL，而不是客户端应用程序的URL.

and eventually in browser url is set to /identity/logout?id=XXXXXXXXXX. These are identity server's URL not Client Application URL.

当注销按钮调用 LogOff 操作方法时，此方法按预期工作.

This is working as expected when logoff button invokes LogOff action method.

现在我有一个要求.当用户转到 AccessDenied 页面时，我要先注销用户，然后重定向到 AccessDenied 视图. AccessDenied 页面在ClientAppliction中.所以我有另一个动作方法，可以调用SingnOut并设置 RedirectUri

Now i have a requirement. When user goes to AccessDenied page i want to logoff user first,and then redirect to AccessDenied view. The AccessDenied page is in ClientAppliction. So i have another action method that invokes SingnOut and set RedirectUri

    [HttpGet]
    public async Task AccessDenied()
    {
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext,
            OpenIdConnectDefaults.AuthenticationScheme,
            new Microsoft.AspNetCore.Authentication.AuthenticationProperties()
            {
                RedirectUri = "Account/AccessDenied"
            });
    }
    

这不起作用.用户仍然转到 identity/logout ，而不是 AccessDenied .似乎未设置退出注销重定向uri.

This is not working. User still goes to identity/logout instead of AccessDenied. Looks like it is not setting post logout redirect uri.

推荐答案

您不会忘记在URL前面加上/吗?

Its not a typo that you forgot to prefix the url with / ?

喜欢

RedirectUri = "/Account/AccessDenied"

代替

RedirectUri = "Account/AccessDenied"

这篇关于如何覆盖发布注销重定向网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！