大家好,我需要一些建议或指针来解决问题。我有一个非常简单的Identity Server 4设置:
- 使用ASP.NET Identity的Identity Server 4
- ASP.NET Core 2.2 MVC客户端
我想在用户停止活动10分钟后自动注销。在下面的示例中,我使用了10秒钟来加速测试。身份验证、重定向和用户强制注销使用下面的代码可以正常工作。但是,当用户空闲时间超过设定的10秒时,用户仍然登录,并且没有被重定向到IDS主机的登录页面。
MVC客户端使用混合授权进行设置:
客户端定义
var mvcClient = new Client
{
ClientId = "account-mvc",
ClientName = "Account MVC",
ClientUri = "https://localhost:5002",
AllowedGrantTypes = GrantTypes.Hybrid,
ClientSecrets = { new Secret("secret".Sha256()) },
EnableLocalLogin = true,
RequireConsent = false,
AllowOfflineAccess = false,
AccessTokenLifetime = 10, // 10 s by intention
IdentityTokenLifetime = 10, // 10 s by intention
RedirectUris = "https://localhost:5002/signin-oidc",
PostLogoutRedirectUris = "https://localhost:5002/signout-callback-oidc",
FrontChannelLogoutUri = "https://localhost:5002/signout-oidc",
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
},
};
身份验证服务器选项
services.AddIdentityServer(options =>
{
options.Authentication.CheckSessionCookieName = "auth-cookie";
options.Authentication.CookieLifetime = new System.TimeSpan(0, 0, 10);
options.Authentication.CookieSlidingExpiration = false;
options.Csp.Level = IdentityServer4.Models.CspLevel.Two;
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.Add... // Left out for brevity
在MVC客户端的启动过程中,我添加了以下内容:
MVC客户端启动
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
options.ExpireTimeSpan = TimeSpan.FromSeconds(10);
options.SlidingExpiration = false;
options.Cookie.Name = "mvc-cookie";
})
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "https://localhost:5001/";
options.ClientId = "account-mvc";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
});
在Configure
方法中添加了app.UseAuthentication()
。
问题
如何确保用户在会话超时后在身份验证服务器上注销?任何提示和帮助都将不胜感激!