Open Closed

OpenID single signout logout questions #10666


0
acmeware created

What is your product version? 10.3 What is your product type (Angular or MVC)? MVC What is product framework type (.net framework or .net core)? Core

I am trying to adjust the logout process so that OpenID can use single signout. I have it mostly working by redirecting to the OpenID logout url, but I am lacking the ability to identify the current user login source (LDAP, OpenID, ANZ) in order to skip the OpenID logout url for LDAP, etc.

Please help with the following questions:

How can tell if the currently signed in user did so via OpenID vs a password or LDAP?

Why are users allowed to have passwords if they registered using OpenID or other social logins? If by design, what is the recommended way to prevent setting a password and circumventing the openID login entirely?


3 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @acmeware

    How can tell if the currently signed in user did so via OpenID vs a password or LDAP?

    You can query AbpUserLogins table.

    Why are users allowed to have passwords if they registered using OpenID or other social logins? If by design, what is the recommended way to prevent setting a password and circumventing the openID login entirely?

    When a user is logged in via an external auth provider, a local user is created. You can't change this behaviour but you can disable login form if you wish.

  • 0
    acmeware created

    I was able to find LDAP in the AbpUsers table but there is no related row in AbpUserLogins after the user logs in. The AbpUserLogins table doesn't appear to address if the user is currently logged in via password vs OpenID, only OpenID. The rows in the AbpUserLogins do not change or remove if you switch to password authentication or when the OpenID session is logged out. I guess what I am saying is this is not a 100% way to find out how the user logged in and in order to redirect the user after logout. Are there session variables to see how the current user is logged in?

  • 0
    ismcagdas created
    Support Team

    Hi @acmeware

    You are right, this table only stores external authentications excluding LDAP. At the moment, there is no way to know which provider is used during hte login. You can add a new field to AbpSession (see https://aspnetboilerplate.com/Pages/Documents/Articles\How-To\add-custom-session-field-aspnet-core) and store the provider information here.