Problem description
We are using Azure AD OpenID Connect cookie-based authentication, and that is working fine. For logout, we added single sign-out and log out of both the application and the Azure portal using the code below.
    // Sign a user out of both AAD and the Application
    public void Logout()
    {
        HttpContext.GetOwinContext().Authentication.SignOut(
            new AuthenticationProperties { RedirectUri = OwinStartup.PostLogoutRedirectUri },
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }

    public void LogoutPage()
    {
        var redirectUrl = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"].ToString() + "Account/Logout/";
        var logouturl = string.Format("https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri={0}", redirectUrl);
        Response.Redirect(logouturl);
    }
But this code signs out of the application, not the Azure portal. If I log out of the application, then the cookies need to be invalidated, but that is not happening, and it is not redirected to the logout page. If I take the Asp.Net.Cookies from the application before logout (and after that log out of this session using the above code), the same Asp.Net.Cookies still validate against the application after the logout in a new session, when I replace the new session's existing Asp.Net.Cookies with them. If I do not use those cookies for the next one hour, then it throws the logout page; within one hour it allows access to the application.
StartUp.cs code
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = Globals.ClientId,
            Authority = Globals.Authority,
            AuthenticationType = "oidc",
            SignInAsAuthenticationType = "Cookies",
            ResponseType = "code id_token",
            PostLogoutRedirectUri = Globals.PostLogoutRedirectUri,
            RedirectUri = Globals.RedirectUri,
            TokenValidationParameters = new TokenValidationParameters { SaveSigninToken = true },
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                AuthorizationCodeReceived = (context) =>
                {
                    // Force reference/redirect to HTTPS
                    var builder = HttpContext.Current.Request.Url.AbsoluteUri;
                    context.AuthenticationTicket.Properties.RedirectUri = builder.ToString();
                    return Task.FromResult(0);
                },
                RedirectToIdentityProvider = (context) =>
                {
                    context.ProtocolMessage.DomainHint = "mydomain";
                    return Task.FromResult(0);
                },
                SecurityTokenValidated = (context) =>
                {
                    context.AuthenticationTicket.Properties.AllowRefresh = true;
                    //context.AuthenticationTicket.Properties.IsPersistent = true;
                    return Task.FromResult(0);
                }
            }
        });
How can I make the Asp.Net.Cookies expire instantly after logout? Where did I make the mistake? I have been stuck on this for the last 3 weeks; please help me resolve the issue with a code sample.
Recommended answer
Is the issue that your cookies do not expire so your user is still logged into your app, or is the issue that you want the users to log out of the portal rather than your application?
It's hard for me to completely understand what you are trying to accomplish.
For simple sign-out of a web application, this is the best sample to reference. https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect/
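One way to make a signed-out cookie unusable on the server side, as an added example that is not code from the question, the answer or the linked sample: the OWIN cookie ticket is self-contained, so SignOut only removes it from the browser and a copy taken earlier keeps validating until it expires. The class name, the claim type `urn:example:session_id` and the in-memory revocation store are assumptions for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Owin;

public static class RevocableCookieAuth
{
    // Hypothetical claim type; any application-private name works.
    private const string SessionIdClaim = "urn:example:session_id";

    // Assumption: single server. A web farm needs a shared store (database, cache).
    private static readonly ConcurrentDictionary<string, DateTimeOffset> Revoked =
        new ConcurrentDictionary<string, DateTimeOffset>();

    public static void Configure(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            Provider = new CookieAuthenticationProvider
            {
                // Stamp every newly issued ticket with a random session id.
                OnResponseSignIn = ctx =>
                    ctx.Identity.AddClaim(
                        new Claim(SessionIdClaim, Guid.NewGuid().ToString("N"))),

                // Fires when SignOut is called for the cookie authentication type:
                // record the id so a copy of the cookie stops working.
                OnResponseSignOut = ctx =>
                {
                    var user = ctx.OwinContext.Authentication.User;
                    var sid = user?.FindFirst(SessionIdClaim)?.Value;
                    if (sid != null) Revoked[sid] = DateTimeOffset.UtcNow;
                },

                // Runs on every request that presents the cookie.
                OnValidateIdentity = ctx =>
                {
                    var sid = ctx.Identity.FindFirst(SessionIdClaim)?.Value;
                    // Tickets without an id, or with a revoked id, are treated as anonymous.
                    if (sid == null || Revoked.ContainsKey(sid)) ctx.RejectIdentity();
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Call `RevocableCookieAuth.Configure(app)` in place of the bare `app.UseCookieAuthentication(new CookieAuthenticationOptions())` line. Revoked ids can be discarded once the ticket would have expired anyway.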