
OpenIdConnect認証(Azure AD用)と、Google、Facebook、Microsoftアカウントの認証プロバイダを使用するMVC Webアプリケーションを作成しました。OpenIdConnectと組み合わせると、ソーシャルプロバイダからのサインアウトが動作しません。

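/// <summary>
/// Builds the OWIN authentication pipeline: the ASP.NET Identity cookies, Azure AD sign-in via
/// OpenID Connect against the multi-tenant "common" endpoint, and the Facebook, Google and
/// Microsoft Account external providers. Nothing is registered unless the configured user
/// source is Azure AD.
/// </summary>
/// <param name="app">The OWIN application builder the middlewares are added to.</param>
public void ConfigureAuth(IAppBuilder app)
{
    if (Config.TaskboardUserSource != Config.DirectoryService.AzureAD)
    {
        return;
    }

    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

    // NOTE(review): UseExternalSignInCookie below also sets the default sign-in-as type, so this
    // call is presumably superseded; kept as in the original.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        // Six-hour sliding window. UseTokenLifetime = false on the OIDC options below means the
        // id_token expiry does not shorten it.
        ExpireTimeSpan = new TimeSpan(6, 0, 0),
        SlidingExpiration = true,
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Home/Index"),
        // NOTE(review): CookieSecure is not set here (Katana's default is SameAsRequest); for a
        // site that is only ever served over HTTPS, CookieSecureOption.Always is the safer choice.
        Provider = new CookieAuthenticationProvider
        {
            // Re-checks the user's security stamp every 30 minutes so that a password change or
            // an explicit stamp update invalidates cookies that were issued earlier.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = Config.ClientId,
        // "common" is the multi-tenant endpoint: users from any Azure AD tenant can sign in.
        Authority = string.Format("{0}common", Config.AadInstance),
        UseTokenLifetime = false,
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            // Issuer validation is off (tokens from the "common" endpoint carry a per-tenant
            // issuer), so the middleware itself enforces NO tenant restriction at all.
            ValidateIssuer = false,
        },
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            SecurityTokenValidated = (context) =>
            {
                // NOTE(review): with ValidateIssuer = false this callback is the place to check
                // the token's tenantid claim against the tenants this application serves and to
                // throw for any other tenant. As written, every Azure AD tenant is accepted.
                return Task.FromResult(0);
            },
            AuthorizationCodeReceived = async (context) =>
            {
                // Redeem the authorization code for a Graph token and place it in the per-user
                // ADAL cache so later calls can obtain it silently.
                var identity = context.AuthenticationTicket.Identity;
                var tenantClaim = identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid");
                var userClaim = identity.FindFirst(ClaimTypes.NameIdentifier);
                if (tenantClaim == null || userClaim == null)
                {
                    // Fail with a clear message instead of a NullReferenceException; presumably
                    // surfaces through the AuthenticationFailed notification below.
                    throw new InvalidOperationException(
                        "The id_token does not carry the tenantid and nameidentifier claims needed to redeem the authorization code.");
                }

                var credential = new ClientCredential(Config.ClientId, Config.AppKey);
                var authContext = new AuthenticationContext(
                    string.Format("{0}{1}", Config.AadInstance, tenantClaim.Value),
                    new ADALTokenCache(userClaim.Value));

                // Awaited instead of .Result: blocking on a Task inside an ASP.NET request can
                // deadlock on the synchronization context and pins a request thread meanwhile.
                // The redirect URI must equal the one sent in the authorize request (see
                // RedirectToIdentityProvider); the current request URL without its query is it.
                await authContext.AcquireTokenByAuthorizationCodeAsync(
                    context.Code,
                    new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                    credential,
                    Config.GraphResourceID);
            },
            RedirectToIdentityProvider = (context) =>
            {
                // The sign-in and sign-out return addresses are derived from the incoming request
                // so the app can be deployed (e.g. to Azure Web Sites) without changing settings.
                // The base URL used here must already be registered in Azure AD.
                // NOTE(review): context.Request.Host is taken from the request's Host header.
                // Azure AD only redirects to registered reply URLs, but if the site answers to
                // arbitrary host names a configured base URL is the more defensive choice.
                string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                // NOTE(review): every failure is turned into a redirect to the start page and the
                // exception is suppressed without being logged; record context.Exception somewhere
                // or token-validation problems will be invisible.
                context.OwinContext.Response.Redirect("/Home/Index");
                context.HandleResponse(); // suppress the exception
                return Task.FromResult(0);
            }
        }
    });

    var facebookOptions = new FacebookAuthenticationOptions()
    {
        AppId = Config.FBAppId,
        AppSecret = Config.FBAppSecret,
        UserInformationEndpoint = Config.FBUserInformationEndpoint
    };
    facebookOptions.Scope.Add("email");
    app.UseFacebookAuthentication(facebookOptions);

    app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
    {
        ClientId = Config.GoogleClientId,
        ClientSecret = Config.GoogleClientSecret
    });

    var microsoftOptions = new MicrosoftAccountAuthenticationOptions()
    {
        ClientId = Config.MSAppId,
        ClientSecret = Config.MSAppSecret,
    };
    microsoftOptions.Scope.Add("wl.basic");
    microsoftOptions.Scope.Add("wl.emails");
    app.UseMicrosoftAccountAuthentication(microsoftOptions);
}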

すべての認証オプションは正常に動作します。

StartupAuthでの設定は、次のようになります。

サインアウトすると、実際にサインアウトされるのはOpenIdConnectだけです。その他の認証プロバイダについてはクッキーが残ったままになり、「ログオン」ボタンをクリックするだけで、パスワードを求められずに保護されたページが表示されてしまいます。

私のサインアウトは次のようになります。

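/// <summary>
/// Signs the current user out of every OWIN authentication middleware registered in
/// Startup.Auth and sends the browser to the SignOutCallback action afterwards.
/// </summary>
public void SignOut()
{
    string callbackUrl = Url.Action("SignOutCallback", "Account", routeValues: null, protocol: Request.Url.Scheme);
    var authentication = HttpContext.GetOwinContext().Authentication;

    // Revoke every registered authentication type in ONE call. The original issued a second
    // SignOut for CookieAuthenticationDefaults.AuthenticationType: no middleware in ConfigureAuth
    // is registered under that name (the cookie middleware uses
    // DefaultAuthenticationTypes.ApplicationCookie, which GetAuthenticationTypes already
    // returns), and depending on the Katana version a later SignOut call can replace rather than
    // merge the earlier revoke list.
    string[] authenticationTypes = authentication
        .GetAuthenticationTypes()
        .Select(description => description.AuthenticationType)
        .ToArray();
    authentication.SignOut(new AuthenticationProperties { RedirectUri = callbackUrl }, authenticationTypes);

    // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this action, so any
    // third-party page can log the user out with a plain GET (logout CSRF).
    // NOTE(review): revoking the local cookies does not end the session at Google/Facebook/
    // Microsoft; clicking "log on" again will presumably sign the user straight back in unless
    // the provider's own logout endpoint is visited.
}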

ユーザーが確実にサインアウトされ、スタートページにリダイレクトされるようにするには、どうすればよいですか?


ログインプロバイダごとにサインアウトするように、サインアウトコードにswitch文を追加したところ、最終的に動作しました。コードは次のとおりです:

/// <summary>
/// Signs the current user out of the external provider they logged in with plus the local
/// Identity cookies, then returns to the home page. A request without a signed-in user is
/// simply redirected.
/// </summary>
/// <returns>A redirect to Home/Index.</returns>
public async Task<ActionResult> SignOut()
{
    var user = await UserService.CurrentUser();
    if (user == null)
    {
        return RedirectToAction("Index", "Home");
    }

    var redirectUrl = Request.GetBaseUrl();

    // Every provider revokes the same four local cookies; only the external
    // provider's authentication type differs.
    string providerType;
    switch (user.LoginProvider)
    {
        case LogonProvider.FacebookProviderKey:
            providerType = "Facebook";
            break;
        case LogonProvider.GoogleProviderKey:
            // NOTE(review): only the local cookies are revoked; the Google session itself is
            // not ended (the original left a redirect to Google's logout page commented out).
            providerType = "Google";
            break;
        case LogonProvider.MicrosoftProviderKey:
            providerType = "Microsoft";
            break;
        default:
            // NOTE(review): "Office365" has to equal the AuthenticationType of the OpenID
            // Connect middleware; the ConfigureAuth listing in this post does not set one,
            // so verify this name against the actual Startup.Auth.
            providerType = "Office365";
            break;
    }

    var authenticationTypes = new[]
    {
        providerType,
        "TwoFactorRememberBrowser",
        "TwoFactorCookie",
        "ExternalCookie",
        "ApplicationCookie"
    };

    // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this action, so it
    // can be triggered cross-site with a plain GET (logout CSRF).
    HttpContext.GetOwinContext().Authentication.SignOut(
        new AuthenticationProperties { RedirectUri = redirectUrl },
        authenticationTypes);

    return RedirectToAction("Index", "Home");
}