问题描述
目前,我正在使用Azure Active Directory进行身份验证以设置在Azure中托管的Web应用程序,几乎解决了所有问题,但仍然存在一个问题。如果用户在访问我的登录页面之前登录了其他目录(在这种情况下,这是大学Office 365电子邮件登录名),则该凭据似乎已缓存,Azure尝试使用该凭据登录我的网站,我可以在每次登录时强制登录屏幕并避免重复使用缓存的凭据吗?
Am currently setting up a web app hosted in Azure using Azure Active Directory for authentication, have almost worked all the kinks out but one issues remains. If a user has logged into a different Directory before hitting my sign-in page (in this case it is a University Office 365 login for email), the credential seems cached and Azure attempts to use it to log into my site, is there a way I can force the login screen on every sign-in and avoid re-use of a cached credential?
项目设置主要是标准的ASP.NET MVC体系结构,默认的Azure Active Directory身份验证设置。
Project setup has been mainly standard, ASP.NET MVC architecture with default Azure Active Directory authentication settings.
谢谢!
推荐答案
我发布后立即发现了解决方案。实现注销并自动重定向到登录方法。代码如下:
Discovered the solution as soon as I posted. Implemented a signout and self-redirect to the sign-in method. Code is below:
public void SignIn(bool? signedOut)
{
// Send an OpenID Connect sign-in request.
if (!Request.IsAuthenticated)
{
// If the user is currently logged into another directory, log them out then attempt to
// reauthenticate under this directory
if (signedOut == null || signedOut == false)
{
HttpContext.GetOwinContext().Authentication.SignOut(
new AuthenticationProperties { RedirectUri = Url.Action("SignIn", "Account", routeValues: new { signedOut = true }, protocol: Request.Url.Scheme) },
OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
}
else
{
HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
}
}
仍然感谢!
这篇关于从其他Azure AD会话缓存的ADAL Azure AD身份验证用户的登录名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!