【问题标题】:Keycloak Log out from ASP.NET and ASP.NET CoreKeycloak Log out from ASP.NET and ASP.NET Core
【发布时间】:2022-12-28 05:01:14
【问题描述】:

Currently I am able to login from ASP.NET and ASP.NET Core. However when logout from ASP.NET, my ASP.NET Core app doesn't logout as well.

Here is my ASP.NET logout code:

public ActionResult logout()
{
    Request.GetOwinContext().Authentication.SignOut(HttpContext.GetOwinContext().Authentication.GetAuthenticationTypes().Select(o => o.AuthenticationType).ToArray());
    return RedirectToAction("About", "Home");
}

And my ASP.NET Core logout:

public IActionResult Logout()
{
    return new SignOutResult(new[] { "OpenIdConnect", "Cookies" });
}

Unfortunately, if I logout from the ASP.NET app, my ASP.NET Core app doesn't logout automatically. Is it something wrong with my keycloak setting, or did I miss something in my code?

【问题讨论】:

    标签: asp.net-core asp.net-core-mvc keycloak


    【解决方案1】:

    Go through the https://github.com/dotnet/aspnetcore/blob/4fa5a228cfeb52926b30a2741b99112a64454b36/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L312-L315

    services.AddAuthentication(...)
        .AddCookie("Cookies")
        .AddOpenIdConnect("OpenIdConnect", options =>
        {
            ...
            options.Events.OnSignedOutCallbackRedirect += context =>
            {
                context.Response.Redirect(context.Options.SignedOutRedirectUri);
                context.HandleResponse();
    
                return Task.CompletedTask;
            };
            ...
        });
    

    【讨论】:

    【解决方案2】:

    It is working for me. I used code similar to yours:

    public IActionResult Logout()
        {
            return new SignOutResult(
                new[] { 
                    OpenIdConnectDefaults.AuthenticationScheme,
                    CookieAuthenticationDefaults.AuthenticationScheme 
                });
        }
    

    If you get invalid redirect error from keycloak, then you must also add Valid post logout redirect URIs to your Keycloak client settings. In your case, you have to add your_host/signout-callback-oidc

    If you get an invalid or missing id_token_hint parameter, then make sure that tokens are being saved:

        .AddOpenIdConnect(options =>
    {
        options.SaveTokens = true;
    });
    

    【讨论】:

      猜你喜欢
      • 2017-06-02
      • 2020-03-05
      • 1970-01-01
      • 2022-12-28
      • 1970-01-01
      • 1970-01-01
      • 2021-08-04
      • 2019-06-24
      • 1970-01-01
      相关资源
      最近更新 更多