windows – 使用自定义STS从访问控制服务注销

public static void FederatedSignOut(string reply = null)
{
   WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;

   // Native FederatedSignOut doesn't seem to have a way for finding/registering realm for singout,get it from the FAM
   string wrealm = string.Format("wtrealm={0}",fam.Realm);

   // Create basic url for signout (wreply is set by native FederatedSignOut)
   string signOutUrl = WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(fam.Issuer,null,wrealm);

   // Check where to return,if not set ACS will use Reply address configured for the RP
   string wreply = !string.IsNullOrEmpty(reply) ? reply : (!string.IsNullOrEmpty(fam.Reply) ? fam.Reply : null);

   WSFederationAuthenticationModule.FederatedSignOut(new Uri(signOutUrl),!string.IsNullOrEmpty(wreply) ? new Uri(wreply) : null);

   // Remarks! Native FederatedSignout has an option for setting signOutUrl to null,even if the documentation tells otherwise.
   // If set to null the method will search for signoutUrl in Session token,but I couldn't find any information about how to set this. Found some Sharepoint code that use this
   // Michele Leroux Bustamante had a code example (from 2010) that also uses this form.
   // Other examples creates the signout url manually and calls redirect.

   // FAM has support for wsignoutcleanup1.0 right out of the box,there is no need for code to handle this.
   // That makes it even harder to understand why there are no complete FederatedSignOut method in FAM

   // When using native FederatedSignOut() no events for signout will be called,if you need this use the FAM SignOut methods instead.
}

此代码用于我们为带有ACS的Web SSO创建的标准RP库中.