OWIN OpenId Authentication - Active Session after Logout



I have implemented ASP.Net Cookie Authentication & OWIN OpenId Authentication in my application. I am trying to fix a security vulnerability where the session is not invalidated even after logout.

Middleware implementation:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
    });

Logout code (depending on the user type):

HttpContext.GetOwinContext().Authentication.SignOut(
OpenIdConnectAuthenticationDefaults.AuthenticationType,
CookieAuthenticationDefaults.AuthenticationType);

HttpContext.GetOwinContext().Authentication.SignOut(
CookieAuthenticationDefaults.AuthenticationType);

I am capturing the traffic in Fiddler and click Logout on the web page. When I try to re-issue the request from Fiddler, it completes successfully, and in the HttpModule Application.User.Identity.IsAuthenticated is True.

I have a couple of questions:

  1. Is this a cookie replay attack?
  2. What am I doing wrong? Otherwise I will have to fix it with some hack, like storing the cookie in a cache and comparing it.

When signing out of the application, you also have to sign out of the Identity Server. Otherwise your application gets redirected to the identity server, re-authenticated and signed in again. Check the following code snippet under Notifications:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = n =>
            {
                // if signing out, add the id_token_hint so the identity server
                // ends its own session instead of silently re-authenticating
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }
                return Task.FromResult(0);
            }
        }
    });

You will find some examples of OWIN middleware setup here (although it is not a direct answer to your question).

Not sure if this answer helps anyone else, but the link here has some more information on how to set up OpenId with an MVC application.

Change the middleware configuration

Add the OpenId & Cookies authentication middleware in the startup.cs file. Set ResponseType to id_token so that the OpenId sign-out works as well.

    using System;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using IdentityServer3.Core;                 // Constants.ClaimTypes (IdentityServer3 client sample)
    using Microsoft.IdentityModel.Protocols;    // OpenIdConnectRequestType; namespace depends on package version
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    public class Startup
    {
        // claim type under which the raw id_token is kept so it can be sent as id_token_hint at sign-out
        public const string IdToken = "id_token";

        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieHttpOnly = true,
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieName = "AppCookies",
                ExpireTimeSpan = TimeSpan.FromMinutes(30),
                SlidingExpiration = true
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = "https://localhost:44319/identity",
                ClientId = "mvc",
                Scope = "openid profile roles",
                RedirectUri = "https://localhost:44319/",
                ResponseType = "id_token",
                SignInAsAuthenticationType = "Cookies",
                UseTokenLifetime = false,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = n =>
                    {
                        var id = n.AuthenticationTicket.Identity;
                        // we want to keep first name, last name, subject and roles
                        var givenName = id.FindFirst(Constants.ClaimTypes.GivenName);
                        var familyName = id.FindFirst(Constants.ClaimTypes.FamilyName);
                        var sub = id.FindFirst(Constants.ClaimTypes.Subject);
                        var roles = id.FindAll(Constants.ClaimTypes.Role);

                        // create new identity and set name and role claim type
                        var nid = new ClaimsIdentity(
                            id.AuthenticationType,
                            Constants.ClaimTypes.GivenName,
                            Constants.ClaimTypes.Role);
                        nid.AddClaim(givenName);
                        nid.AddClaim(familyName);
                        nid.AddClaim(sub);
                        nid.AddClaims(roles);

                        // keep the id_token: the filtered identity would otherwise drop it, and
                        // RedirectToIdentityProvider below needs it as id_token_hint at sign-out
                        nid.AddClaim(new Claim(IdToken, n.ProtocolMessage.IdToken));

                        // add some other app specific claim
                        nid.AddClaim(new Claim("app_specific", "some data"));

                        n.AuthenticationTicket = new AuthenticationTicket(
                            nid,
                            n.AuthenticationTicket.Properties);

                        return Task.FromResult(0);
                    },
                    RedirectToIdentityProvider = n =>
                    {
                        // if signing out, add the id_token_hint
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst(IdToken);
                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                            }
                        }
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }

Add logout

Adding logout is easy, just add a new action that calls the SignOut method of the Katana authentication manager:

    public ActionResult Logout()
    {
        Session.Abandon();

        // clear session cookie (not necessary for your current problem but I would recommend you do it anyway)
        HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
        cookie2.HttpOnly = true;
        cookie2.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(cookie2);

        // clear site cookie
        var siteCookie = new HttpCookie("AppCookies", "");
        siteCookie.HttpOnly = true;
        siteCookie.Expires = DateTime.Now.AddYears(-1);
        Response.Cookies.Add(siteCookie);

        Request.GetOwinContext().Authentication.SignOut();
        return Redirect("/");
    }
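Neither answer changes what the question actually observed: the Katana cookie is a self-contained, encrypted ticket, so SignOut (and the expired-cookie trick in the Logout action above) only tells the browser to drop it, while the copy Fiddler kept stays valid until ExpireTimeSpan. The way to make the server reject that replayed cookie is to hand the cookie middleware an IAuthenticationSessionStore: the cookie then carries only an opaque key, the ticket lives on the server, and SignOut makes the middleware call RemoveAsync. The following is an added example, not code from the question or either answer; the InMemoryTicketStore class name and the single-process dictionary are assumptions for illustration, and a multi-node deployment would back the store with Redis or SQL instead.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Server-side ticket store (hypothetical name, example code). The browser never sees the
// AuthenticationTicket, only the random key; a replayed cookie after SignOut finds no ticket.
public class InMemoryTicketStore : IAuthenticationSessionStore
{
    private readonly ConcurrentDictionary<string, AuthenticationTicket> _tickets =
        new ConcurrentDictionary<string, AuthenticationTicket>();

    // Called at sign-in: persist the ticket and return the key that goes into the cookie.
    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        var keyBytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(keyBytes);   // 256 random bits: the key is the only secret the client holds
        }
        var key = Convert.ToBase64String(keyBytes);
        _tickets[key] = ticket;
        return Task.FromResult(key);
    }

    // Called on sliding-expiration renewal: replace the stored ticket under the same key.
    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        _tickets[key] = ticket;
        return Task.FromResult(0);
    }

    // Called on every authenticated request. Returning null makes the cookie middleware
    // treat the request as anonymous, which is exactly what a replayed cookie should get.
    public Task<AuthenticationTicket> RetrieveAsync(string key)
    {
        AuthenticationTicket ticket;
        if (_tickets.TryGetValue(key, out ticket))
        {
            var expires = ticket.Properties.ExpiresUtc;
            if (expires.HasValue && expires.Value < DateTimeOffset.UtcNow)
            {
                // stale entry: evict it so the dictionary does not grow without bound
                _tickets.TryRemove(key, out ticket);
                ticket = null;
            }
        }
        return Task.FromResult(ticket);
    }

    // Called by the cookie middleware when SignOut is processed: this is the server-side
    // invalidation the question is missing.
    public Task RemoveAsync(string key)
    {
        AuthenticationTicket removed;
        _tickets.TryRemove(key, out removed);
        return Task.FromResult(0);
    }
}

public class StartupWithSessionStore
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieName = "AppCookies",
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,   // never send the session key over plain HTTP
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true,
            SessionStore = new InMemoryTicketStore()
        });
        // ... UseOpenIdConnectAuthentication as in the answer above
    }
}
```

To check the fix, repeat the Fiddler test from the question: after the Logout action runs, re-issuing the captured request should come back unauthenticated, because RetrieveAsync no longer finds the ticket. This only covers the relying party's cookie; the identity server keeps its own session, so the id_token_hint sign-out from the first answer is still needed, otherwise the next challenge simply signs the user back in without a password prompt.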
