Change Azure AD B2C SignOut URL (Change AzureADB2C/Account/SignedOut to custom URL)

Problem description

I'm currently building a C# Net Core 2.2 app that is using Azure B2C OIDC for login/authentication. I've customized the login page and know how to customize the edit/forgot password screens with CSS and code hosted on my site using custom page layouts.

The problem I'm running into is that on signout, I'm being redirected to /AzureADB2C/Account/SignOut. I'd like to either modify the CSS like I can with the login page, or change that URL to go to a custom controller action hosted on my site.

Does anyone know how/what the process is to manage that? It seems weird they would have custom layouts available for everything "but" the sign out process.

As a workaround, I found I could add a "Rewrite Option" for handling the SignOut URL and rewriting it to a controller I have on my site. However, I'm not sure if this is the optimal way to accomplish this task, it was on a very obscure MSDN page, but it does work. See below:

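// Inside Startup.Configure (Startup.cs); requires "using Microsoft.AspNetCore.Rewrite;"
// Workaround for SignedOut URL error in MSFT code
// The first argument is a regex matched against the request path without its leading slash.
RewriteOptions rewrite = new RewriteOptions().AddRedirect("AzureADB2C/Account/SignedOut", "Account/SignedOut");
app.UseRewriter(rewrite);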

Recommended answer

I presume you're using the User Flows (policies) to customize your Signin/Profile editing/Password reset pages. You may notice that there's no Signout user flow, so you cannot do anything here about it.

But MS gives you another way to have your own post-logout page. When you logout from your web app you should redirect to B2C's logout endpoint as described here. (Note: that's what you should do anyway, even if you don't want a custom logout page)

When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. Redirect the user to Azure AD B2C to sign out. If you fail to do so, the user might be able to reauthenticate to your application without entering their credentials again.

The logout endpoint can receive an optional post_logout_redirect_uri parameter in the query string, where you can specify another URL where your user will be finally redirected by B2C. That can be the address of any resource, e.g. your homepage or your own page showing a "You successfully logged out of our service" message to the user.

post_logout_redirect_uri - The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message.
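
One way to apply the answer in an ASP.NET Core app that uses the Microsoft.AspNetCore.Authentication.AzureADB2C.UI package, as an added example that is not code from the question, the answer, or Microsoft: signing out of both the cookie and OpenID Connect schemes clears the local session and sends the browser through B2C's logout endpoint, after which the handler forwards the user to the `RedirectUri` given here. The controller name `SessionController`, its `Logout`/`LoggedOut` actions, and the `LoggedOut` view are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller: the class, action, and view names are assumptions
// made for this example and do not come from the original post.
public class SessionController : Controller
{
    // POST /Session/Logout : ends the local session and the B2C session.
    // POST plus an antiforgery token keeps other sites from forcing a sign-out.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Logout()
    {
        // Build the landing URL on the server. Taking it from the query string
        // would turn this action into an open redirect.
        var landing = Url.Action(nameof(LoggedOut), "Session");

        // Clearing only the cookie would leave the B2C session alive, so the
        // user could get back in without credentials. Signing out of the
        // OpenID Connect scheme as well redirects the browser to B2C's logout
        // endpoint; the handler then sends the user on to RedirectUri.
        return SignOut(
            new AuthenticationProperties { RedirectUri = landing },
            AzureADB2CDefaults.CookieScheme,
            AzureADB2CDefaults.OpenIdScheme);
    }

    // GET /Session/LoggedOut : the custom page shown after sign-out.
    [AllowAnonymous]
    [HttpGet]
    public IActionResult LoggedOut()
    {
        // An authenticated principal here means the sign-out did not complete
        // (or the page was opened directly), so do not claim the user is out.
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Index", "Home");
        }

        return View(); // Assumes a Views/Session/LoggedOut.cshtml view exists.
    }
}
```

The OpenID Connect handler passes its own sign-out callback path (by default `/signout-callback-oidc`) to B2C as `post_logout_redirect_uri`, so that URL must be registered as a reply URL for the application in the B2C tenant.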
