//[ValidateAntiForgeryToken] public async Task <IActionResult> Logout([FromBody] LogoutRequestDto model) { if (!this.ModelState.IsValid) { return(BadRequest(this.ModelState)); } //// build a model so the logged out page knows what to display var dto = await this.BuildLoggedOutInfoDtoAsync(model.LogoutId); if (User?.Identity.IsAuthenticated == true) { // delete local authentication cookie await HttpContext.SignOutAsync(); // raise the logout event await this.events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName())); } // check if we need to trigger sign-out at an upstream identity provider if (dto.TriggerExternalSignout()) { // build a return URL so the upstream provider will redirect back // to us after the user has logged out. this allows us to then // complete our single sign-out processing. string url = Url.Action("Logout", new { logoutId = dto.LogoutId }); // this triggers a redirect to the external provider for sign-out return(SignOut(new AuthenticationProperties { RedirectUri = url }, dto.ExternalAuthenticationScheme)); } return(Ok(dto)); }
public async Task <IActionResult> Logout(string logoutId) { // build a model so the logout page knows what to display LogoutInfoDto dto = await this.BuildLogoutInfoDtoAsync(logoutId); if (dto.ShowLogoutPrompt == false) { // if the request for logout was properly authenticated from IdentityServer, then // we don't need to show the prompt and can just log the user out directly. var requestDto = new LogoutRequestDto { LogoutId = dto.LogoutId }; return(await Logout(requestDto)); } return(Ok(dto)); }