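/// <summary>
/// Builds the model that tells the logout page whether the user must confirm
/// the sign-out before it is carried out.
/// </summary>
/// <param name="logoutId">
/// Logout identifier from the request. It is copied into the returned DTO and
/// passed to the interaction service to look up the logout context.
/// </param>
/// <returns>
/// A DTO carrying <paramref name="logoutId"/> and the resolved
/// <c>ShowLogoutPrompt</c> flag.
/// </returns>
/// <remarks>
/// The confirmation prompt is the defence against a forged cross-site logout
/// request. It is dropped in two cases only: the caller is not authenticated
/// (there is no session to protect), or the logout context explicitly reports
/// <c>ShowSignoutPrompt == false</c>. In every other case, including a
/// <paramref name="logoutId"/> that resolves to no context, the flag keeps the
/// value of <c>AccountOptions.ShowLogoutPrompt</c>. If that option is set to
/// <c>false</c>, the prompt is disabled for all requests and this protection
/// is lost.
/// </remarks>
private async Task<LogoutInfoDto> BuildLogoutInfoDtoAsync(string logoutId)
{
    var dto = new LogoutInfoDto
    {
        LogoutId = logoutId,
        ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt
    };

    // Identity can be null on a principal that carries no identities; the
    // extra null-conditional treats that as "not authenticated" instead of
    // throwing a NullReferenceException.
    if (User?.Identity?.IsAuthenticated != true)
    {
        // Nobody is signed in, so there is nothing to confirm: go straight
        // to the logged-out page.
        dto.ShowLogoutPrompt = false;
        return dto;
    }

    var context = await this.interaction.GetLogoutContextAsync(logoutId);
    if (context?.ShowSignoutPrompt == false)
    {
        // The logout context says no prompt is needed, so automatic sign-out
        // is considered safe. A null context does NOT take this branch.
        dto.ShowLogoutPrompt = false;
        return dto;
    }

    // Keep the configured prompt setting. Showing the prompt prevents another,
    // malicious web page from signing the user out automatically.
    return dto;
}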
/// <summary>
/// Entry point for the logout page: returns the logout model when a
/// confirmation prompt is required, otherwise signs the user out directly.
/// </summary>
/// <param name="logoutId">Logout identifier taken from the request.</param>
/// <returns>
/// <c>Ok</c> with the logout DTO when the prompt must be shown; otherwise the
/// result of the <c>Logout(LogoutRequestDto)</c> overload.
/// </returns>
/// <remarks>
/// The direct sign-out path is taken whenever <c>ShowLogoutPrompt</c> is
/// false. <c>BuildLogoutInfoDtoAsync</c> clears the flag for an
/// unauthenticated caller or when the logout context reports that no prompt
/// is needed; it can also be false simply because
/// <c>AccountOptions.ShowLogoutPrompt</c> is configured that way.
/// NOTE(review): the routing attributes are not visible here. If this action
/// is reachable with a plain GET and the option is disabled, a cross-site
/// request can end the user's session without confirmation. Confirm the
/// option stays enabled in production.
/// </remarks>
public async Task<IActionResult> Logout(string logoutId)
{
    // Work out what the logout page needs to display.
    LogoutInfoDto logoutInfo = await this.BuildLogoutInfoDtoAsync(logoutId);

    if (logoutInfo.ShowLogoutPrompt != false)
    {
        // A prompt is required: hand the model back and let the user confirm.
        return Ok(logoutInfo);
    }

    // No prompt is required, so skip the confirmation step and log the user
    // out directly through the request-based overload.
    var signOutRequest = new LogoutRequestDto { LogoutId = logoutInfo.LogoutId };
    IActionResult signOutResult = await Logout(signOutRequest);
    return signOutResult;
}