IdentityServer4注销MVC5应用程序

Question

在第1期和第2期之后,我无法从IS4退出.本地ASP.NET cookie不会被删除,我无法重新登录IS4.

它适用于Core MVC应用程序,但对于MVC5则不适用.

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "TRUX.NET",
        Authority = baseAddress,
        RedirectUri = $"http://localhost:2510/signin-oidc",
        PostLogoutRedirectUri = $"http://localhost:2510/signout-callback-oidc",
        ResponseType = "code id_token",
        Scope = "openid profile offline_access custom.profile AuthorizationWebApi Common.WebApi",

        TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        },

        SignInAsAuthenticationType = "Cookies",
--------
                    RedirectToIdentityProvider = n =>
                {
                    // if signing out, add the id_token_hint
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                        }
                    }
                    return Task.FromResult(0);
                }

服务器配置

            new Client
        {
            ClientId = "MVC50",
            ClientName = "MVC50 APP",
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
            RequireConsent = false,
            ClientSecrets= {new Secret("123456".Sha256()) },
            RedirectUris = { "http://localhost:2510/signin-oidc" }, 
            PostLogoutRedirectUris = {"http://localhost:2510/signout-callback-oidc"},
            AllowedScopes = {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "custom.profile",
                "AuthorizationWebApi",
                "Common.WebApi"
            },
            AllowOfflineAccess = true                    
        }

如果有人能提供帮助,我将不胜感激.问候.

更新:

1. 我从服务器和客户端配置中删除了signout-callback-oidc.

2. 我的退出行动就是这个

    public async Task<ActionResult> SignOut()
   {
     Request.GetOwinContext().Authentication.SignOut(); 
     return Redirect("/");
   }
   

3. 不确定我可以调用结束会话端点.日志如下.

4. id_token_hint不为null

   | 1 | Microsoft.AspNetCore.Hosting.Internal.WebHost | INFO |请求启动HTTP/1.1选项http://www.abcdef.com:5000/connect/endsession?post_logout_redirect_uri=http%3a%2f%2flocalhost%3a2510%2f&id_token_hint =(提示)
   | 1 | Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware | DEBUG | OPTIONS请求不受支持| 0 | IdentityServer4.CorsPolicyProvider | DEBUG | CORS请求路径:/ connect/endsession from origin:http:// localhost: 2510但被拒绝,因为无效的CORS路径| 9 | Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware | DEBUG | AuthenticationScheme:Identity.Application未经过身份验证.| 0 | IdentityServer4.Hosting.EndpointRouter | DEBUG |请求路径/ connect/endsession与端点类型匹配EndSession | 0 | IdentityServer4.Hosting.EndpointRouter | DEBUG |为端点找到的映射:EndSession,创建处理程序:IdentityServer4.Endpoints.EndSessionEndpoint | 0 | IdentityServer4.Hosting.IdentityServerMiddleware | INFO |调用IdentityServer端点:IdentityServer4.Endpoints.EndSessionEndpoint用于/ connect/endsession | 0 | IdentityServer4.Endpoints.EndSessionEndpoint | WARN |结束会话端点的HTTP方法无效.| 0 | IdentityServer4.Hosting.IdentityServerMiddleware | TRACE |调用结果:IdentityServer4.Endpoints.Results.StatusCodeResult | 9 | Microsoft.AspNetCore.Server.Kestrel | DEBUG |连接ID"0HL3SPFTNB2FH"已完成保持活动响应.| 2 | Microsoft.AspNetCore.Hosting.Internal.WebHost | INFO |请求在1322.3713ms完成405