[BUG] After explicit logout, hit on login, then it is automatically recognized instead of showing the login page dotnet-architecture#626

erikpique · erikpique · commit 641b73222468 · 2018-10-10T10:55:00.000+02:00
dotnet-architecture#626
diff --git a/src/Services/Identity/Identity.API/Controllers/AccountController.cs b/src/Services/Identity/Identity.API/Controllers/AccountController.cs
@@ -1,4 +1,9 @@
-﻿using IdentityModel;
+﻿using System;
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using IdentityModel;
 using IdentityServer4;
 using IdentityServer4.Models;
 using IdentityServer4.Services;
@@ -11,11 +16,6 @@
 using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels;
 using Microsoft.eShopOnContainers.Services.Identity.API.Services;
 using Microsoft.Extensions.Logging;
-using System;
-using System.Linq;
-using System.Security.Claims;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
 
 namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
 {
@@ -92,7 +92,7 @@ public async Task<IActionResult> Login(LoginViewModel model)
                     };
 
                     await _loginService.SignIn(user);
-                   
+
                     // make sure the returnUrl is still valid, and if yes - redirect back to authorize endpoint
                     if (_interaction.IsValidReturnUrl(model.ReturnUrl))
                     {
@@ -113,7 +113,7 @@ public async Task<IActionResult> Login(LoginViewModel model)
             return View(vm);
         }
 
-        async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl, AuthorizationRequest context)
+        private async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl, AuthorizationRequest context)
         {
             var allowLocal = true;
             if (context?.ClientId != null)
@@ -132,7 +132,7 @@ async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl, Authorizat
             };
         }
 
-        async Task<LoginViewModel> BuildLoginViewModelAsync(LoginViewModel model)
+        private async Task<LoginViewModel> BuildLoginViewModelAsync(LoginViewModel model)
         {
             var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
             var vm = await BuildLoginViewModelAsync(model.ReturnUrl, context);
@@ -193,7 +193,7 @@ public async Task<IActionResult> Logout(LogoutViewModel model)
 
                 try
                 {
-                    
+
                     // hack: try/catch to handle social providers that throw
                     await HttpContext.SignOutAsync(idp, new AuthenticationProperties
                     {
@@ -209,6 +209,8 @@ public async Task<IActionResult> Logout(LogoutViewModel model)
             // delete authentication cookie
             await HttpContext.SignOutAsync();
 
+            await HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
+
             // set this so UI rendering sees an anonymous user
             HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity());
 
