//[ValidateAntiForgeryToken]
public async Task <IActionResult> Logout([FromBody] LogoutRequestDto model)
{
if (!this.ModelState.IsValid)
{
return(BadRequest(this.ModelState));
}
//// build a model so the logged out page knows what to display
var dto = await this.BuildLoggedOutInfoDtoAsync(model.LogoutId);
if (User?.Identity.IsAuthenticated == true)
{
// delete local authentication cookie
await HttpContext.SignOutAsync();
// raise the logout event
await this.events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName()));
}
// check if we need to trigger sign-out at an upstream identity provider
if (dto.TriggerExternalSignout())
{
// build a return URL so the upstream provider will redirect back
// to us after the user has logged out. this allows us to then
// complete our single sign-out processing.
string url = Url.Action("Logout", new { logoutId = dto.LogoutId });
// this triggers a redirect to the external provider for sign-out
return(SignOut(new AuthenticationProperties {
RedirectUri = url
}, dto.ExternalAuthenticationScheme));
}
return(Ok(dto));
}
public async Task <IActionResult> Logout(string logoutId)
{
// build a model so the logout page knows what to display
LogoutInfoDto dto = await this.BuildLogoutInfoDtoAsync(logoutId);
if (dto.ShowLogoutPrompt == false)
{
// if the request for logout was properly authenticated from IdentityServer, then
// we don't need to show the prompt and can just log the user out directly.
var requestDto = new LogoutRequestDto {
LogoutId = dto.LogoutId
};
return(await Logout(requestDto));
}
return(Ok(dto));
}
