Flo Dupuy

Reputation: 101

Identity Server 4 : Proper logout from MVC Client

I'm in trouble with the Logout feature in IdentityServer 4. My IS4 application is mainly the result of the tutorial on their website, so there is not really any custom behavior. I use ASP.NET Core Identity as well. I have an MVC Client (again, basically the project template). I just added a "Logout" button at the top of the Index page, in order to log the current authenticated user out.

This is the Logout method in my MVC Client :

public async Task Logout()
{
    await HttpContext.SignOutAsync("Cookies");
    await HttpContext.SignOutAsync("oidc");
}

So exactly what the tutorial says.

This is the configuration in Startup.cs of MVC Client :

services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = "Cookies";

    options.Authority = "http://localhost:5000";
    options.RequireHttpsMetadata = false;
    options.CallbackPath = new PathString("/Home/");

    options.ClientId = "Core.WebUI";
    options.ClientSecret = "secret";
    options.ResponseType = "code id_token";

    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;

    options.Scope.Add("offline_access");                    
});

Nothing fancy... Now the MVC Client configuration in the IS4 app :

new Client
{
    ClientId = "Core.WebUI",
    ClientName = "MVC Client",
    ClientSecrets = new List<Secret>
    {
        new Secret("secret".Sha256())
    },
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
    RequireConsent = false,

    // where to redirect to after login
    RedirectUris = { "http://localhost:5011/Home/" },

    // where to redirect to after logout
    PostLogoutRedirectUris = { "http://localhost:5011/Home/" },
    AlwaysSendClientClaims = true,
    AlwaysIncludeUserClaimsInIdToken = true,
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile
    },
    AllowOfflineAccess = true
}

Again, mostly what the tutorial says. My problem is: when a user is connected and I click on the logout button, I'm redirected to the IS4 app, to the logout page, which says that I'm now logged off. But actually I'm not, because if I go back to my MVC app, I can still access the protected features (with the Authorize attribute). In order to correctly log my user out, once I'm on the logout page of my IS4 app, I have to click on the logout button of the IS4 app... And only then am I correctly logged out...

What I want is that when I click the Logout button on my MVC Client, I'd be REALLY logged out, and directly redirected to the home page of my MVC Client (without the "You are now logged out" page)

I'm pretty new to IS4 and ASP.NET, so any help is more than welcome... Thanks!

Upvotes: 5

Views: 5170

Answers (3)

paul van bladel

Reputation: 1723

It's better to not use the magic string but:

    return new SignOutResult(new[]
    {
        CookieAuthenticationDefaults.AuthenticationScheme,
        OpenIdConnectDefaults.AuthenticationScheme
    });

Upvotes: 1

jpmir

Reputation: 101

Here's how I solved this:

    public IActionResult LogOff()
    {
        return new SignOutResult(new[] { "oidc", "Cookies" });
    }

Upvotes: 2

Jeswin Rebil

Reputation: 460

Have you tried with,

public async Task<IActionResult> Logout()
{
   await _signInManager.SignOutAsync();
   return View("Logout"); // or whatever url Redirect("http://localhost:5011/Home/")
}

Upvotes: 0
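
The sign-out round trip discussed in this thread, as an added example that is not part of any post above: the MVC client's logout action together with the IS4 client registration it depends on. The class names `AccountController` and `ClientConfig` and the final redirect to `/` are assumptions; the scheme names, client id and ports are the ones from the question.

```csharp
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

// --- MVC client project (hypothetical controller name) ---
public class AccountController : Controller
{
    // Must equal the names passed to AddCookie(...) and AddOpenIdConnect(...)
    // in the question's Startup.cs.
    private const string CookieScheme = "Cookies";
    private const string OidcScheme = "oidc";

    public IActionResult Logout()
    {
        // Local path the browser ends on once the handler has processed
        // the sign-out callback from IS4 (assumed to be the home page).
        var props = new AuthenticationProperties { RedirectUri = "/" };

        // Removes the local cookie, then redirects to IS4's end-session
        // endpoint. The handler attaches id_token_hint (stored because
        // SaveTokens = true) and post_logout_redirect_uri, which is the
        // client's SignedOutCallbackPath (default "/signout-callback-oidc").
        return SignOut(props, CookieScheme, OidcScheme);
    }
}

// --- IS4 project: client registration (hypothetical class name) ---
public static class ClientConfig
{
    public static Client MvcClient() => new Client
    {
        ClientId = "Core.WebUI",
        ClientName = "MVC Client",
        ClientSecrets = { new Secret("secret".Sha256()) },
        AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
        RequireConsent = false,
        RedirectUris = { "http://localhost:5011/Home/" },
        // IS4 only redirects back to an exact match of a registered URI,
        // so this is the handler's callback, not the page shown afterwards.
        PostLogoutRedirectUris = { "http://localhost:5011/signout-callback-oidc" },
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        },
        AllowOfflineAccess = true
    };
}
```

Assuming the IS4 host uses the quickstart UI, its "You are now logged out" page is still shown with a link back to the client unless `AccountOptions.AutomaticRedirectAfterSignOut` is set to `true`.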
