
I have an application where I have used IdentityServer for authentication. I have some issues there. Whenever I try to log out of the system, the system doesn't log out. It redirects to the home page even though I have logged out. This is how I have configured my startup class:

builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = IdentityConstants.ApplicationScheme;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(1);
        options.LogoutPath = "/Home/Logout";
    })
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = builder.Environment.IsDevelopment() ? appSetting.Development.IdentityServerUrl : appSetting.Production.IdentityServerUrl;
        options.RequireHttpsMetadata = false;

        options.ClientId = "technosys-inv-ui";
        options.ClientSecret = "technosys-inv-secret";
        options.ResponseType = "code id_token";

        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

        options.Scope.Add("technosys-inv-api");
        options.ClaimActions.MapJsonKey("website", "website");
    });

builder.Services.ConfigureApplicationCookie(options =>
{
    options.Cookie.IsEssential = true;
    options.Cookie.SameSite = SameSiteMode.Unspecified;
});

And this is my logout action:

[AllowAnonymous]
public async Task Logout()
{
    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties
    {
        RedirectUri = "/"
    });
}

This is how I have configured the client in the IdentityServer project:

public static IEnumerable<Client> GetClients(IConfiguration configuration)
{
    AppSettings appSettings = configuration.GetSection("AppSettings").Get<AppSettings>();
    AppSetting appSetting = null;
    if (appSettings.Environment == "Development")
        appSetting = appSettings.Development;
    else
        appSetting = appSettings.Production;

    return new[]
    {
        // client credentials flow client
        new Client
        {
            ClientId = "technosys-inv-ui",
            ClientName = "Technosys Inventory UI",
            RedirectUris = { appSetting.AdminClientUrl + "signin-oidc" },
            PostLogoutRedirectUris = { appSetting.AdminClientUrl },
            FrontChannelLogoutUri = appSetting.AdminClientUrl + "signout-oidc",
            AllowedGrantTypes = GrantTypes.Hybrid,
            ClientSecrets = { new Secret("technosys-inv-secret".ToSha256()) },
            AllowOfflineAccess = true,
            AllowedScopes = { "technosys-inv-api", "openid","profile" },
            RequireConsent = false,
        }
    };
}

This is my client application:
[screenshot of the client application]

If I click the logout button, it redirects to the IdentityServer page and prompts: you are logged out.
[screenshot of the IdentityServer logged-out page]

But if I click the "here" link, it redirects to the client home page; instead, it should show the login page after logout.

NOTE: Logout works locally but does not work in production.

Any help would be appreciated, thanks!

2 Answers


  1. I typically use this method to trigger the logout:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task Logout()
    {
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
    
        //Important, this method should never return anything.
    }
    

    Also, I would suggest that you should be consistent with the naming of the authentication handlers, and don’t mix your own strings and the default names.

    options.SignInScheme = "Cookies"; vs options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    

    and

    AddOpenIdConnect("oidc" vs
    AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme)
    

    It’s easy to make a bug where you accidentally rename the string values. Consistency is the key here.

    Also, options.LogoutPath = "/Home/Logout"; needs to match the exact URL to your logout page.

    I would also set options.Cookie.SameSite = SameSiteMode.Unspecified; to strict if possible.

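As an added example (not code from the question or from either answer), this is the client configuration and logout action rewritten along the lines of answer 1: scheme names come only from the framework constants, and Logout signs out of both the cookie handler and the OIDC handler, which is the step that actually ends the IdentityServer session. The configuration keys IdentityServerUrl and OidcClientSecret are assumed, and building the rest of the pipeline is omitted.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
string identityServerUrl = builder.Configuration["IdentityServerUrl"]!; // assumed config key

// Scheme names come only from the framework constants ("Cookies" / "OpenIdConnect"),
// so the handler that SignOutAsync targets is exactly the one that was registered.
builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.LogoutPath = "/Home/Logout"; // must match the Logout action's route below
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.Authority = identityServerUrl;
    options.ClientId = "technosys-inv-ui";
    options.ClientSecret = builder.Configuration["OidcClientSecret"]!; // assumed config key
    options.ResponseType = "code id_token";
    options.SaveTokens = true;
    options.Scope.Add("technosys-inv-api");
    // After IdentityServer ends its session it sends the browser back to
    // SignedOutCallbackPath (default "/signout-callback-oidc"); that full URL, not the
    // bare client URL, is what the client's PostLogoutRedirectUris must contain.
    options.SignedOutRedirectUri = "/"; // where the handler sends the user afterwards
});

public class HomeController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task Logout()
    {
        // 1. Drop the local session cookie.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        // 2. End the IdentityServer session as well. Signing out of the cookie alone
        //    leaves the IdentityServer cookie valid, so the next challenge is answered
        //    silently and the user lands on the home page again (the question's symptom).
        await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
        // No return value: the OIDC handler has already written the redirect to end_session.
    }
}
```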
  2. Using middleware, you can detect the unauthenticated user and issue a challenge to redirect to the login page.

    You may also need to detect whether there is a signout in progress. I don't have the code for that off the top of my head, but it should be added into the if condition if it is relevant for your situation.

    // requires: using Microsoft.AspNetCore.Authentication;
    app.Use(async (context, next) =>
    {
        if (!context.User.Identity.IsAuthenticated)
        {
            // Issue the challenge on the request's HttpContext (HttpContext.Authentication
            // is the obsolete 1.x API). With no scheme given, the default challenge
            // scheme handles it; a scheme or AuthenticationProperties can be passed here.
            await context.ChallengeAsync();
            return; // stop the pipeline so the redirect is not overwritten downstream
        }

        await next(context);
    });
    
    