How to overwrite post logout redirect url

依然范特西╮ submitted on 2020-08-10 19:53:40

Question


I am using IdentityServer3 and I have ASP.NET Core as the client application.

Here is my LogOff action method

    [HttpPost]
    public async Task LogOff()
    {
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, OpenIdConnectDefaults.AuthenticationScheme);
    }

When the user logs out I see the following redirects in Fiddler

    GET /identity/connect/endsession?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44352%2Fsignout-callback-oidc&state=XXXXXX&x-client-SKU=XXXXXX&x-client-ver=5.3.0.0 HTTP/1.1

    GET /identity/logout?id=XXXXXXXXXX

    GET /identity/connect/endsessioncallback?sid=XXXXXXX

and eventually in the browser the URL is set to /identity/logout?id=XXXXXXXXXX. These are the identity server's URLs, not the client application's URLs.

This is working as expected when the logoff button invokes the LogOff action method.

Now I have a requirement. When the user goes to the AccessDenied page I want to log off the user first, and then redirect to the AccessDenied view. The AccessDenied page is in the client application. So I have another action method that invokes SignOut and sets RedirectUri

    [HttpGet]
    public async Task AccessDenied()
    {
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
        await Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync(HttpContext,
            OpenIdConnectDefaults.AuthenticationScheme,
            new Microsoft.AspNetCore.Authentication.AuthenticationProperties()
            {
                RedirectUri = "Account/AccessDenied"
            });
    }
    

This is not working. The user still goes to identity/logout instead of AccessDenied. Looks like it is not setting the post logout redirect URI.


Answer 1:


It's not a typo that you forgot to prefix the URL with / ?

like

    RedirectUri = "/Account/AccessDenied"

instead of

    RedirectUri = "Account/AccessDenied"


Source: https://stackoverflow.com/questions/63042878/how-to-overwrite-post-logout-redirect-url
