private async Task <LogoutViewModel> BuildLogoutViewModelAsync(string logoutId)
{
var vm = new LogoutViewModel {
LogoutId = logoutId, ShowLogoutPrompt = true
};
if (User?.Identity.IsAuthenticated != true)
{
vm.ShowLogoutPrompt = false;
return(vm);
}
var context = await _interaction.GetLogoutContextAsync(logoutId);
if (context?.ShowSignoutPrompt == false)
{
vm.ShowLogoutPrompt = false;
return(vm);
}
return(vm);
}
public async Task <IActionResult> Logout(LogoutViewModel model)
{
var subjectId = HttpContext.User.Identity.GetSubjectId();
var vm = new LoggedOutViewModel
{
LogoutId = model.LogoutId
};
if (User?.Identity.IsAuthenticated == true)
{
var idp = User.FindFirst(JwtClaimTypes.IdentityProvider)?.Value;
if (idp != null && idp != IdentityServer4.IdentityServerConstants.LocalIdentityProvider)
{
var providerSupportsSignout = await HttpContext.GetSchemeSupportsSignOutAsync(idp);
if (providerSupportsSignout)
{
//if (vm.LogoutId == null)
//{
// // if there's no current logout context, we need to create one
// // this captures necessary info from the current logged in user
// // before we signout and redirect away to the external IdP for signout
// vm.LogoutId = await _interaction.CreateLogoutContextAsync();
//}
vm.ExternalAuthenticationScheme = idp;
}
}
}
if (vm.LogoutId == null)
{
// if there's no current logout context, we need to create one
// this captures necessary info from the current logged in user
// before we signout and redirect away to the external IdP for signout
vm.LogoutId = await _interaction.CreateLogoutContextAsync();
}
if (User?.Identity.IsAuthenticated == true)
{
// delete local authentication cookie
await _signInManager.SignOutAsync();
// raise the logout event
await _events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName()));
}
// set this so UI rendering sees an anonymous user
HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity());
// get context information (client name, post logout redirect URI and iframe for federated signout)
var logout = await _interaction.GetLogoutContextAsync(vm.LogoutId);
vm.AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut;
vm.PostLogoutRedirectUri = logout?.PostLogoutRedirectUri;
vm.ClientName = string.IsNullOrEmpty(logout?.ClientName) ? logout?.ClientId : logout?.ClientName;
vm.SignOutIframeUrl = logout?.SignOutIFrameUrl;
if (logout?.ClientId != null)
{
//await _persistedGrantService.RemoveAllGrantsAsync(subjectId, "singleapp");
await _persistedGrantService.RemoveAllGrantsAsync(subjectId, logout?.ClientId);
}
//check if we need to trigger sign-out at an upstream identity provider
if (vm.TriggerExternalSignout)
{
// build a return URL so the upstream provider will redirect back
// to us after the user has logged out. this allows us to then
// complete our single sign-out processing.
string url = Url.Action("Logout", new { logoutId = vm.LogoutId });
// this triggers a redirect to the external provider for sign-out
return(SignOut(new Microsoft.AspNetCore.Authentication.AuthenticationProperties {
RedirectUri = url
}, vm.ExternalAuthenticationScheme));
}
if (string.IsNullOrWhiteSpace(vm.PostLogoutRedirectUri))
{
return(View("LoggedOut", vm));
}
else
{
return(Redirect(vm.PostLogoutRedirectUri));
}
}