Logging Out With AspNet.Security.OpenIdConnect.Server (ASP.NET vNext)

前端 未结 1 1369
走了就别回头了
走了就别回头了 2021-01-22 17:38

I am using Visual Studio 2015 Enterprise and ASP.NET vNext Beta8 to issue and consume JWT tokens as described here.

In our implementation we\'re storing some client deta

1条回答
  •  春和景丽
    2021-01-22 18:21

    In AspNet.Security.OpenIdConnect.Server, the logic used for the logout endpoint is left as an exercise.

    In this sample, it is implemented using an MVC 6 controller, where you're - of course - free to add custom logic to remove cached details from your Redis server.

    [HttpPost("~/connect/logout")]
    [ValidateAntiForgeryToken]
    public async Task Logout() {
        // When invoked, the logout endpoint might receive an unauthenticated request if the server cookie has expired.
        // When the client application sends an id_token_hint parameter, the corresponding identity can be retrieved using AuthenticateAsync.
        var identity = await HttpContext.Authentication.AuthenticateAsync(OpenIdConnectServerDefaults.AuthenticationScheme);
    
        // Remove the cached details here. If you need to determine
        // who's the authenticated user, you can use the identity variable.
    
        // Remove the authentication cookie and return the user to the client application.
        return SignOut("ServerCookie", OpenIdConnectServerDefaults.AuthenticationScheme);
    }
    

    You can also do something similar directly from the LogoutEndpoint event. Don't forget to call context.HandleResponse() to make sure the request is not intercepted by another middleware.

    0 讨论(0)
提交回复
热议问题