Exemple #1
0
        /// <summary>
        /// Signout behavior.
        /// </summary>
        /// <param name="properties">The <see cref="T:Microsoft.AspNetCore.Authentication.AuthenticationProperties" /> that contains the extra meta-data arriving with the authentication.</param>
        /// <returns>
        /// A task.
        /// </returns>
        public async Task SignOutAsync(AuthenticationProperties properties)
        {
            properties.Items["redirectUri"] = Options.SignOutPath;

            var target = ResolveTarget(Options.ForwardSignOut);

            if (target != null)
            {
                await Context.SignOutAsync(target, properties);

                return;
            }
            if (Options.Configuration == null)
            {
                Options.Configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
            }

            string sendSignoutTo = new Uri(new Uri(CurrentUri), Options.SignOutPath).AbsoluteUri;

            //prepare AuthnRequest ID, assertion Url and Relay State to prepare for Idp call
            string logoutRequestId = "id" + Guid.NewGuid().ToString("N");

            GenerateCorrelationId(properties);
            string relayState = Options.StateDataFormat.Protect(properties);

            //cleanup and remove existing cookies
            CookieOptions deleteCookieOptions = Options.RequestCookieId.Build(Context, Clock.UtcNow);

            Response.DeleteAllRequestIdCookies(Context.Request, deleteCookieOptions);

            //create and append new response cookie
            Options.RequestCookieId.Name = Options.AuthenticationScheme + Options.SignOutPath + relayState;
            Response.Cookies.Append(Options.RequestCookieId.Name, logoutRequestId, Options.RequestCookieId.Build(Context));
            string logoutRequest = "/";

            if (Options.hasCertificate)
            {
                //create logoutrequest call
                logoutRequest = _saml2Service.CreateLogoutRequest(Options, logoutRequestId, Context.User.FindFirst(Saml2ClaimTypes.SessionIndex).Value, Context.User.Identity.Name, relayState, sendSignoutTo);
            }
            //call idp
            Response.Redirect(logoutRequest, true);
        }