
Logout issue with IdentityServer #7749


Ricavir created

I have added an IdentityServer authorization code flow to my project (ASP.NET Core + Angular). The UI is made with MVC and has been picked from the IdentityServer QuickStartUI and the Zero MVC project.

While I can grant access to the API with this new UI (made a test with Zapier), I realize that after this process, I can't log out of my Angular app. I don't know if it is because of a shared cookie... I might be doing something wrong in the login process.

The code for the AccountController (login method) is above:

        [HttpPost]
        [UnitOfWork]
        public virtual async Task<JsonResult> Login(LoginViewModel loginModel, string returnUrl = "", string returnUrlHash = "", string ss = "")
        {
            returnUrl = NormalizeReturnUrl(returnUrl);
            if (!string.IsNullOrWhiteSpace(returnUrlHash))
            {
                returnUrl = returnUrl + returnUrlHash;
            }

            string tenancyNameForLogin = loginModel.TenancyName;
            if (String.IsNullOrEmpty(tenancyNameForLogin))
                //Check if tenancy name can resolved from cache
                tenancyNameForLogin = GetTenancyNameOrNull();

            var loginResult = await GetLoginResultAsync(loginModel.UserNameOrEmailAddress, loginModel.Password, tenancyNameForLogin);
            
            if (loginResult.Result == AbpLoginResultType.Success)
            {
                loginResult.User.SetSignInToken();
                returnUrl = AddSingleSignInParametersToReturnUrl(returnUrl, loginResult.User.SignInToken, loginResult.User.Id, loginResult.User.TenantId);
            }            

            var signInResult = await _signInManager.SignInOrTwoFactorAsync(loginResult, true);

            Debug.Assert(signInResult.Succeeded);

            await UnitOfWorkManager.Current.SaveChangesAsync();

            return Json(new AjaxResponse { TargetUrl = returnUrl });
        }

Do you know how I can authorize a user (with IS4 authorization code flow) without impacting the current user session (cache or cookie or...)?


3 Answer(s)
  • ismcagdas created
    Support Team

    Hi @ricavir

    We can continue to work on your problem via email conversation and write the result here.

  • Ricavir created

    Thank you for your support. The reason for the logout issue was logging in from MVC (with IdentityServer) and Angular in the same browser: in fact, cookies are created by both MVC and Angular, which are hosted in the same domain.

    @maliming gave me 2 solutions: rebuild the IdentityServer UI on the Angular side (which was not my goal in this context) or try to log out from the MVC side before the Angular logout.

    I preferred the second solution and it works like a charm.
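
The cause described in the answer above, as an added example that is not part of the thread or of the project's code: a small cookie-jar model showing that two front ends on one host share cookies, so an Angular-only logout leaves the MVC auth cookie in place. The host, ports and cookie names are constructed for illustration, and serving the two apps on different ports is an assumption.

```javascript
// Minimal browser cookie-jar model. Cookies are scoped by host and path;
// the port is not part of the scope (RFC 6265, section 8.5).
// Assumed, constructed values: host, ports, paths and cookie names.
const SPA_URL = "https://app.example.test:4200/app/main";       // Angular client
const MVC_URL = "https://app.example.test:44301/Account/Login"; // MVC + IdentityServer UI
const SPA_TOKEN = "spa_token";     // hypothetical Angular token cookie
const MVC_SESSION = "mvc_session"; // hypothetical MVC auth cookie

class CookieJar {
  constructor() { this.store = []; }
  set(url, name, path = "/") {
    const host = new URL(url).hostname; // hostname drops the port
    this.remove(url, name, path);
    this.store.push({ host, path, name });
  }
  remove(url, name, path = "/") {
    const host = new URL(url).hostname;
    this.store = this.store.filter(
      (c) => !(c.host === host && c.path === path && c.name === name));
  }
  // Names of the cookies attached to a request for `url` (simplified path match).
  sentTo(url) {
    const { hostname, pathname } = new URL(url);
    return this.store
      .filter((c) => c.host === hostname && pathname.startsWith(c.path))
      .map((c) => c.name)
      .sort();
  }
}

// Sign in through both front ends in the same browser, as in the thread.
function signInBoth() {
  const jar = new CookieJar();
  jar.set(MVC_URL, MVC_SESSION); // written by the MVC sign-in
  jar.set(SPA_URL, SPA_TOKEN);   // written by the Angular client
  return jar;
}

// Angular-only logout: the MVC auth cookie is still sent to the same host.
function angularOnlyLogout() {
  const jar = signInBoth();
  jar.remove(SPA_URL, SPA_TOKEN);
  return jar.sentTo(MVC_URL);
}

// Order used in the thread: MVC sign-out first, then the Angular logout.
function mvcThenAngularLogout() {
  const jar = signInBoth();
  jar.remove(MVC_URL, MVC_SESSION);
  jar.remove(SPA_URL, SPA_TOKEN);
  return jar.sentTo(MVC_URL);
}
```
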

  • BTTCorp created

    I am facing a similar issue, but I am not able to log out when refreshing the token. When I try to debug from the server side, I get this error: "Signature validation failed. Unable to match keys." Is this issue resolved?