
I have an authentication module in Umbraco that uses OWIN/OIDC and authenticates against our Azure AD B2C resource. As part of this module there is a LogOut controller method, which works fine.

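We are trying to develop single sign-out for the applications in our Azure tenant. We are still working on getting Azure AD B2C to call the logout method of each application. To test initiating the logout from other applications, I set up an iframe in one of our custom applications (which also authenticates through Azure AD B2C) that calls the LogOut method in our Umbraco implementation when a user logs out of that application. I can see that the LogOut method is being called when the external method opens the iframe, and all of the objects look the same as when the method is called from within Umbraco. However, the user is not logged out of the application. The authentication cookie, .AspNet.ApplicationCookie, has SameSite set to None, Secure set to true and HttpOnly set to false, but it is not deleted when Umbraco calls the method.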

Any tips on how to get the LogOut method to work from an external application would be greatly appreciated.

Here is my configuration:

      private void ConfigureAzureB2CAuthentication(object sender, OwinMiddlewareConfiguredEventArgs args) {
         //get appbuilder
         AppBuilder app = (AppBuilder)args.AppBuilder;
         app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ApplicationCookie);

         app.UseCookieAuthentication(Current.Factory.GetInstance<FrontEndCookieAuthenticationOptions>(), PipelineStage.Authenticate);
         //Set configuration on appbuilder
         app.UseOpenIdConnectAuthentication(
             new OpenIdConnectAuthenticationOptions {
                MetadataAddress = string.Format(
                     ConfigurationManager.AppSettings["ida:AzureInstance"],
                     ConfigurationManager.AppSettings["ida:Tenant"],
                     ConfigurationManager.AppSettings["ida:SignUpSignInPolicyId"]),
                ClientId = ConfigurationManager.AppSettings["ida:ClientId"],
                RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"],
                PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"],
                Notifications = new OpenIdConnectAuthenticationNotifications {
                   RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                   AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                   AuthenticationFailed = OnAuthenticationFailed
                },
                TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters {
                   NameClaimType = ConfigurationManager.AppSettings["ida:ClaimsLabelEmail"],
                   ValidateIssuer = false
                },
                Scope = ConfigurationManager.AppSettings["ida:ScopesOpenIDConnect"],

             });

         //reaffirm backoffice and preview authentication
         app.UseUmbracoBackOfficeCookieAuthentication(_umbracoContextAccessor, _runtimeState, _userService, _globalSettings, _securitySection, PipelineStage.Authenticate)
            .UseUmbracoBackOfficeExternalCookieAuthentication(_umbracoContextAccessor, _runtimeState, _globalSettings, PipelineStage.Authenticate)
            .UseUmbracoPreviewAuthentication(_umbracoContextAccessor, _runtimeState, _globalSettings, _securitySection, PipelineStage.PostAuthenticate);
      }

Here is the LogOut method:

      public void LogOut(string redirectUrl = "/") {
         if (Request.IsAuthenticated) {
            RemoveLoggedInMemberAccessToken();
            IEnumerable<AuthenticationDescription> authTypes = HttpContext.GetOwinContext().Authentication.GetAuthenticationTypes();
            AuthenticationProperties authenticationProperties = new AuthenticationProperties { RedirectUri = redirectUrl };
            HttpContext.GetOwinContext().Authentication.SignOut(authenticationProperties, authTypes.Select(t => t.AuthenticationType).ToArray());
         }
      }