Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Improve Principal handling for OIDC and resolve Logout issue (caused by AntiForgeryToken)

Browse Source
This commit is contained in:
Shaun Walker
2022-03-14 22:28:41 -04:00
parent 9b69e135d9
commit d51ba8f6dd
3 changed files with 23 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Oqtane.Client/Themes/Controls/Theme/LoginBase.cs
View File

@ -1,4 +1,5 @@
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components;
using Microsoft.JSInterop;
@ -34,24 +35,25 @@ namespace Oqtane.Themes.Controls
{
await UserService.LogoutUserAsync(PageState.User);
await LoggingService.Log(PageState.Alias, PageState.Page.PageId, PageState.ModuleId, PageState.User.UserId, GetType().AssemblyQualifiedName, "Logout", LogFunction.Security, LogLevel.Information, null, "User Logout For Username {Username}", PageState.User.Username);
PageState.User = null;
bool authorizedtoviewpage = UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions);
var url = PageState.Alias.Path + "/" + PageState.Page.Path;
if (!UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, PageState.Page.Permissions))
{
url = PageState.Alias.Path;
}
if (PageState.Runtime == Shared.Runtime.Server)
{
// server-side Blazor needs to post to the Logout page
var fields = new { __RequestVerificationToken = SiteState.AntiForgeryToken, returnurl = !authorizedtoviewpage ? PageState.Alias.Path : PageState.Alias.Path + "/" + PageState.Page.Path };
string url = Utilities.TenantUrl(PageState.Alias, "/pages/logout/");
var interop = new Interop(jsRuntime);
await interop.SubmitForm(url, fields);
// server-side Blazor needs to redirect to the Logout page
NavigationManager.NavigateTo(Utilities.TenantUrl(PageState.Alias, "/pages/logout/") + "?returnurl=" + WebUtility.UrlEncode(url), true);
}
else
{
// client-side Blazor
var authstateprovider = (IdentityAuthenticationStateProvider)ServiceProvider.GetService(typeof(IdentityAuthenticationStateProvider));
authstateprovider.NotifyAuthenticationChanged();
NavigationManager.NavigateTo(NavigateUrl(!authorizedtoviewpage ? PageState.Alias.Path : PageState.Page.Path, true));
NavigationManager.NavigateTo(NavigateUrl(url, true));
}
}
}