How to specify custom logout URL when using Azure AD authentication in .NET core

问题

I have an ASP.NET core 2.2 web application that uses work or school accounts (Azure AD authentication). When I sign out, the application ends up at

/AzureAD/Account/SignedOut

I'd like for it to redirect back to the home page using the Logout URL specified in the application registration. See below for screenshot. When specifying a logout URL here, Azure AD does in fact call that page (to clear session data), but then it finally ends up at the /AzureAD/Account/SignedOut location. I don't see anywhere else to specify the equivalent of a logout URL. Here is the code for the sign out button as generated by Visual Studio when using Azure AD authentication.

<a asp-area="AzureAD" asp-controller="Account" asp-action="SignOut">Sign out</a>

I've also tried adding the redirect directly onto the action.

<a asp-area="AzureAD" asp-controller="Account" asp-route-post_logout_redirect_uri="https://localhost:44381" asp-action="SignOut">Sign out</a>

回答1:

The issue happens because the embeded AccountController.cs in ASP.NET core returns to the URL you mentioned:

        [HttpGet("{scheme?}")]
        public IActionResult SignOut([FromRoute] string scheme)
        {
            scheme = scheme ?? AzureADDefaults.AuthenticationScheme;
            var options = Options.Get(scheme);
            var callbackUrl = Url.Page("/Account/SignedOut", pageHandler: null, values: null, protocol: Request.Scheme);
            return SignOut(
                new AuthenticationProperties { RedirectUri = callbackUrl },
                options.CookieSchemeName,
                options.OpenIdConnectSchemeName);
        }

A workaround is to build you own AccountController instead of using the default one shipped with ASP.NET CORE, like below:

 public class AccountController : Controller
    {
        [HttpGet]
        public IActionResult SignIn()
        {
            var redirectUrl = Url.Action(nameof(HomeController.Index), "Home");
            return Challenge(
                new AuthenticationProperties { RedirectUri = redirectUrl },
                OpenIdConnectDefaults.AuthenticationScheme);
        }

        [HttpGet]
        public IActionResult SignOut()
        {
            var callbackUrl = Url.Action(nameof(SignedOut), "Account", values: null, protocol: Request.Scheme);
            return SignOut(
                new AuthenticationProperties { RedirectUri = callbackUrl },
                CookieAuthenticationDefaults.AuthenticationScheme,
                OpenIdConnectDefaults.AuthenticationScheme);
        }

        [HttpGet]
        public IActionResult SignedOut()
        {
            if (User.Identity.IsAuthenticated)
            {
                // Redirect to home page if the user is authenticated.
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            return RedirectToAction(nameof(HomeController.Index), "ThePathYouWant");
        }

        [HttpGet]
        public IActionResult AccessDenied()
        {
            return View();
        }
    }

回答2:

One way is to use custom URL Rewriting Middleware to redirect by checking the path , put below codes before app.UseMvc:

app.UseRewriter(
    new RewriteOptions().Add(
        context => { if (context.HttpContext.Request.Path == "/AzureAD/Account/SignedOut")
            { context.HttpContext.Response.Redirect("/Home/Index"); }
        })
);

来源：https://stackoverflow.com/questions/56740143/how-to-specify-custom-logout-url-when-using-azure-ad-authentication-in-net-core