public override async Task <IActionResult> OnGetAsync()
{
await SignInManager.SignOutAsync();
var logoutId = Request.Query["logoutId"].ToString();
if (!string.IsNullOrEmpty(logoutId))
{
var logoutContext = await Interaction.GetLogoutContextAsync(logoutId);
await SignInManager.SignOutAsync();
HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity());
LoggedOutModel vm = new LoggedOutModel()
{
PostLogoutRedirectUri = logoutContext?.PostLogoutRedirectUri,
ClientName = logoutContext?.ClientName,
SignOutIframeUrl = logoutContext?.SignOutIFrameUrl
};
Logger.LogInformation($"Redirecting to LoggedOut Page...");
return(RedirectToPage("./LoggedOut", vm));
}
if (ReturnUrl != null)
{
return(LocalRedirect(ReturnUrl));
}
Logger.LogInformation(
$"IdentityServerSupportedLogoutModel couldn't find postLogoutUri... Redirecting to:/Account/Login..");
return(RedirectToPage("/Account/Login"));
}
private async Task <LoggedOutModel> BuildLoggedOutViewModelAsync(string logoutId)
{
// get context information (client name, post logout redirect URI and iframe for federated signout)
var logout = await this.interaction.GetLogoutContextAsync(logoutId);
var model = new LoggedOutModel
{
AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut,
PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
ClientName = logout?.ClientId,
SignOutIframeUrl = logout?.SignOutIFrameUrl,
LogoutId = logoutId
};
var user = this.HttpContext.User;
if (user?.Identity.IsAuthenticated == true)
{
var idp = user.FindFirst(JwtClaimTypes.IdentityProvider)?.Value;
if (idp != null && idp != IdentityServer4.IdentityServerConstants.LocalIdentityProvider)
{
var providerSupportsSignout = await this.HttpContext.GetSchemeSupportsSignOutAsync(idp);
if (providerSupportsSignout)
{
if (model.LogoutId == null)
{
// if there's no current logout context, we need to create one
// this captures necessary info from the current logged in user
// before we signout and redirect away to the external IdP for signout
model.LogoutId = await this.interaction.CreateLogoutContextAsync();
}
model.ExternalAuthenticationScheme = idp;
}
}
}
return(model);
}
public override async Task <IActionResult> OnGetAsync()
{
await SignInManager.SignOutAsync();
var logoutId = Request.Query["logoutId"].ToString();
if (!string.IsNullOrEmpty(logoutId))
{
var logoutContext = await Interaction.GetLogoutContextAsync(logoutId);
await SaveSecurityLogAsync(logoutContext?.ClientId);
HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity());
var vm = new LoggedOutModel
{
PostLogoutRedirectUri = logoutContext?.PostLogoutRedirectUri,
ClientName = logoutContext?.ClientName,
SignOutIframeUrl = logoutContext?.SignOutIFrameUrl
};
Logger.LogInformation("Redirecting to LoggedOut Page...");
return(RedirectToPage("./LoggedOut", vm));
}
await SaveSecurityLogAsync();
if (ReturnUrl == null)
{
Logger.LogInformation(
"{ClassName} couldn't find postLogoutUri... Redirecting to the index page",
nameof(IdentityServerSupportedLogoutModel));
}
return(RedirectSafely(ReturnUrl, ReturnUrlHash));
}
public async Task <IActionResult> Logout(LogoutModel model)
{
var logout = await InteractionService.GetLogoutContextAsync(model.LogoutId);
var automaticRedirect = AuthorizationOptions.AutomaticRedirectionAfterSignOut && logout?.SignOutIFrameUrl != null;
var signoutCallbacks = TestStore
.GetClients()
.Where(client => client.LogoutUri != null)
.Select(client => client.LogoutUri)
.Where(logoutUrl =>
{
if (logout?.PostLogoutRedirectUri == null)
{
return(true);
}
else if (logoutUrl == null)
{
return(false);
}
else
{
var logoutUri = new Uri(logoutUrl);
var logoutDomain = logoutUri.IsDefaultPort ? $"{logoutUri.Scheme}://{logoutUri.Host}" : $"{logoutUri.Scheme}://{logoutUri.Host}:{logoutUri.Port}";
var postLogoutRedirectUri = new Uri(logout.PostLogoutRedirectUri);
var postLogoutDomain = postLogoutRedirectUri.IsDefaultPort ? $"{postLogoutRedirectUri.Scheme}://{postLogoutRedirectUri.Scheme}" : $"{postLogoutRedirectUri.Scheme}://{postLogoutRedirectUri.Scheme}:{postLogoutRedirectUri.Port}";
return(!logoutDomain.Equals(postLogoutDomain, StringComparison.OrdinalIgnoreCase));
}
});
var viewModel = new LoggedOutModel
{
AutomaticRedirectAfterSignOut = automaticRedirect,
PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
ClientName = logout?.ClientId,
SignoutCallbacks = signoutCallbacks,
//SignOutIframeUrl = logout?.SignOutIFrameUrl
};
var externalProvider = await GetExternalProviderAsync();
if (externalProvider != null)
{
var logoutId = model.LogoutId ?? await InteractionService.CreateLogoutContextAsync();
var url = Url.Action(nameof(Logout), new { logotId = model.LogoutId });
try
{
var logoutProperties = new AuthenticationProperties {
RedirectUri = url
};
await HttpContext.Authentication.SignOutAsync(externalProvider, logoutProperties);
}
catch (NotSupportedException)
{
// hacks for external providers which dont have signout.
}
catch (InvalidOperationException)
{
//hack for windows negotiate.
}
}
// dlete the local authentication cooie
await HttpContext.Authentication.SignOutAsync();
return(View("LoggedOut", viewModel));
}
