private async Task <LogoutInfoDto> BuildLogoutInfoDtoAsync(string logoutId)
{
var dto = new LogoutInfoDto {
LogoutId = logoutId, ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt
};
if (User?.Identity.IsAuthenticated != true)
{
// if the user is not authenticated, then just show logged out page
dto.ShowLogoutPrompt = false;
return(dto);
}
var context = await this.interaction.GetLogoutContextAsync(logoutId);
if (context?.ShowSignoutPrompt == false)
{
// it's safe to automatically sign-out
dto.ShowLogoutPrompt = false;
return(dto);
}
// show the logout prompt. this prevents attacks where the user
// is automatically signed out by another malicious web page.
return(dto);
}
public async Task <IActionResult> Logout(string logoutId)
{
// build a model so the logout page knows what to display
LogoutInfoDto dto = await this.BuildLogoutInfoDtoAsync(logoutId);
if (dto.ShowLogoutPrompt == false)
{
// if the request for logout was properly authenticated from IdentityServer, then
// we don't need to show the prompt and can just log the user out directly.
var requestDto = new LogoutRequestDto {
LogoutId = dto.LogoutId
};
return(await Logout(requestDto));
}
return(Ok(dto));
}
