Пример #1
        /// <summary>
        /// Handles an end session (logout) request that arrives via GET or POST.
        /// </summary>
        /// <remarks>
        /// The parameters are supplied by the relying party and are untrusted. They are only
        /// turned into a sign-out message after <c>_validator</c> has accepted them; on any
        /// validation error the result is built without a message, so nothing the RP sent
        /// is carried forward.
        /// </remarks>
        /// <returns>
        /// A <c>LogoutResult</c> that carries a sign-out message only when validation succeeded.
        /// </returns>
        /// <exception cref="InvalidOperationException">The HTTP method is neither GET nor POST.</exception>
        public async Task <IHttpActionResult> Logout()
        {
            Logger.Info("Start end session request");

            var method = Request.Method;
            if (method != HttpMethod.Get && method != HttpMethod.Post)
            {
                throw new InvalidOperationException("invalid HTTP method");
            }

            // GET carries the parameters in the query string, POST in the form body.
            NameValueCollection parameters = method == HttpMethod.Get
                ? Request.RequestUri.ParseQueryString()
                : await Request.GetOwinContext().ReadRequestFormAsNameValueCollectionAsync();

            var validation = await _validator.ValidateAsync(parameters, User as ClaimsPrincipal);

            if (!validation.IsError)
            {
                var signOutMessage = _generator.CreateSignoutMessage(_validator.ValidatedRequest);

                Logger.Info("End end session request");
                return new LogoutResult(signOutMessage, Request.GetOwinEnvironment(), this._options);
            }

            // Validation failed: discard everything the RP sent and log out without a message.
            return new LogoutResult(null, Request.GetOwinEnvironment(), this._options);
        }
Пример #2
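        /// <summary>
        /// Runs the wrapped end session validator and then, for WS-Federation clients only,
        /// accepts the requested post-logout redirect URI if it is registered.
        /// </summary>
        /// <remarks>
        /// The redirect URI is request-supplied and untrusted. It is copied to
        /// <c>PostLogOutUri</c> only when it appears in the <c>PostLogoutRedirectUris</c> of the
        /// client it is attributed to. This holds both for a client the wrapped validator already
        /// resolved and for one looked up in <c>_clients</c>, so an unregistered URI never
        /// becomes a redirect target through this method.
        /// </remarks>
        /// <param name="parameters">Raw request parameters.</param>
        /// <param name="subject">The current user; passed through to the wrapped validator.</param>
        /// <returns>The wrapped validator's result, possibly with <c>PostLogOutUri</c> set.</returns>
        public async Task <EndSessionValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject)
        {
            _logger.LogDebug("Start end session request validation");

            var result = await _validator.ValidateAsync(parameters, subject);

            var logoutRedirectUri = parameters.Get(OidcConstants.EndSessionRequest.PostLogoutRedirectUri);

            // Nothing to add on a failed validation or when no redirect was requested.
            if (result.IsError || string.IsNullOrEmpty(logoutRedirectUri))
            {
                return result;
            }

            var resolvedClient = result.ValidatedRequest.Client;

            // A resolved client of another protocol is left entirely to the wrapped validator.
            if (resolvedClient != null &&
                resolvedClient.ProtocolType != IdentityServerConstants.ProtocolTypes.WsFederation)
            {
                return result;
            }

            // Exact-match allow-list check. Previously a resolved WS-Federation client had the
            // URI accepted without comparing it to that client's registered URIs.
            // NOTE(review): the wrapped validator may already enforce this; the check here is
            // defence in depth and does not rely on that.
            var isRegistered = resolvedClient != null
                ? resolvedClient.PostLogoutRedirectUris.Contains(logoutRedirectUri)
                : _clients.FirstOrDefault(c => c.ProtocolType == IdentityServerConstants.ProtocolTypes.WsFederation && c.PostLogoutRedirectUris.Contains(logoutRedirectUri)) != null;

            if (isRegistered)
            {
                result.ValidatedRequest.PostLogOutUri = logoutRedirectUri;
            }
            else
            {
                // The URI is attacker-influenced and is logged verbatim.
                _logger.LogWarning($"No client found with log out redirect uri {logoutRedirectUri}");
            }

            return result;
        }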
Пример #3
        /// <summary>
        /// With <c>RequireAuthenticatedUserForSignOutMessage</c> enabled, every form of
        /// anonymous caller must be rejected: no principal at all, a principal without an
        /// identity, and a principal whose identity is not authenticated.
        /// </summary>
        public async Task anonymous_user_when_options_require_authenticated_user_should_return_error()
        {
            _options.Authentication.RequireAuthenticatedUserForSignOutMessage = true;

            var emptyRequest = new NameValueCollection();
            var anonymousSubjects = new ClaimsPrincipal[]
            {
                null,
                new ClaimsPrincipal(),
                new ClaimsPrincipal(new ClaimsIdentity()),
            };

            // Each variant is validated against the same empty parameter set.
            foreach (var anonymous in anonymousSubjects)
            {
                var outcome = await _subject.ValidateAsync(emptyRequest, anonymous);
                outcome.IsError.Should().BeTrue();
            }
        }
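        /// <summary>
        /// Validates end session endpoint requests by delegating to <c>_parent</c>, then takes the
        /// post-logout redirect target from the parameter named by
        /// <c>WsFederationConstants.Wreply</c>.
        /// </summary>
        /// <remarks>
        /// The reply value is request-supplied and untrusted. It is only attached to a request
        /// that passed validation, matching how sibling validators guard on <c>IsError</c>.
        /// NOTE(review): this method does not compare the value against any registered reply or
        /// post-logout URIs, and nothing visible here shows that <c>_parent</c> does. Unless the
        /// consumer of <c>PostLogOutUri</c> enforces an allow-list, this is an open-redirect
        /// risk. Confirm where that check lives.
        /// </remarks>
        /// <param name="parameters">Raw request parameters.</param>
        /// <param name="subject">The current user; passed through to <c>_parent</c>.</param>
        /// <returns>The parent validator's result, with <c>PostLogOutUri</c> set when a reply URI was sent on a valid request.</returns>
        public async Task <EndSessionValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject)
        {
            var result = await _parent.ValidateAsync(parameters, subject).ConfigureAwait(false);

            // Never attach a caller-supplied redirect to a failed validation. This also avoids
            // dereferencing ValidatedRequest when an error result carries none.
            if (result.IsError || result.ValidatedRequest == null)
            {
                return result;
            }

            var redirectUri = parameters.Get(WsFederationConstants.Wreply);

            if (!string.IsNullOrEmpty(redirectUri))
            {
                result.ValidatedRequest.PostLogOutUri = redirectUri;
            }

            return result;
        }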
        /// <summary>
        /// Handles an end session (logout) request whose parameters are read from the query string.
        /// </summary>
        /// <remarks>
        /// The query string is supplied by the relying party and is untrusted. A sign-out
        /// message is created only after <c>_validator</c> accepts the request; otherwise the
        /// result is built without one.
        /// </remarks>
        /// <returns>
        /// A <c>LogoutResult</c> that carries a sign-out message only when validation succeeded.
        /// </returns>
        public async Task <IHttpActionResult> Logout()
        {
            Logger.Info("Start end session request");

            var query = Request.RequestUri.ParseQueryString();
            var validation = await _validator.ValidateAsync(query, User as ClaimsPrincipal);

            if (!validation.IsError)
            {
                var signOutMessage = _generator.CreateSignoutMessage(_validator.ValidatedRequest);

                Logger.Info("End end session request");
                return new LogoutResult(signOutMessage, Request.GetOwinEnvironment(), this._options);
            }

            // Validation failed: discard everything the RP sent and log out without a message.
            return new LogoutResult(null, Request.GetOwinEnvironment(), this._options);
        }