Azure Active Directory Logout with ADAL

I used Azure Active Directory to protect my web API and created my own application in the Azure Management Portal. This native application is basically an MVC web application, and I use the ADAL library to get the token and call the API with that token. The code I use to get the token is shown below:

    AuthenticationContext ac = new AuthenticationContext(authority);
    AuthenticationResult ar = ac.AcquireToken(resourceID, clientID, redirectURI);
    string accessToken = ar.AccessToken;

Now I need to log out and switch to another user, but somehow the user's credentials are remembered by the system. I clear the token cache in the authentication context and send an API request to log out as follows, where *** is my tenant ID.

    // Log out after the API call
    ac.TokenCache.Clear();
    string requestUrl = "https://login.windows.net/***/oauth2/logout";
    var client = new HttpClient();
    var request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
    var response = await client.SendAsync(request);

The API call completes successfully, but logging out does not work. What should I do to log out and switch to another user?

+6
3 answers

I do not think this will work. You will need to redirect the user to the logout endpoint in order to log out.

Here is how to construct the logout URI:

https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}

Where:

  • {0}: the fully qualified name of your Azure Active Directory, for example yourad.onmicrosoft.com, or the tenant ID.
  • {1}: the URL of the application to which the user should be redirected after logout completes. This must be a correctly URL-encoded value.
+8
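The redirect described in this answer, written out as an MVC controller action. This is an added example and not code from the question or the answer; the tenant name, the post-logout URL and the controller name are placeholders, and the absolute-URL check on the return address is an extra defensive step, not something Azure AD requires beyond registering the URL for the application. It assumes the same ADAL .NET 2.x API the question uses.

```csharp
using System;
using System.Web.Mvc;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public class AccountController : Controller
{
    // Placeholders: replace with your tenant ({0}) and a return URL ({1})
    // that is registered as a reply URL for the application.
    private const string Tenant = "yourad.onmicrosoft.com";
    private const string PostLogoutRedirectUri = "https://localhost:44300/";

    private static readonly string Authority = "https://login.microsoftonline.com/" + Tenant;

    // Builds the Azure AD logout URL with the return address as an encoded query parameter.
    public static string BuildLogoutUrl(string tenant, string postLogoutRedirectUri)
    {
        Uri returnUri;
        // Defensive check (assumption, not an Azure AD rule): only accept an absolute URL,
        // so a relative or malformed value cannot silently produce a bad redirect.
        if (!Uri.TryCreate(postLogoutRedirectUri, UriKind.Absolute, out returnUri))
        {
            throw new ArgumentException("post_logout_redirect_uri must be an absolute URL", "postLogoutRedirectUri");
        }

        // Uri.EscapeDataString encodes ':' and '/' so the return URL survives as one query value.
        return string.Format(
            "https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}",
            tenant,
            Uri.EscapeDataString(returnUri.AbsoluteUri));
    }

    public ActionResult SignOut()
    {
        // 1. Drop the cached tokens so the application keeps nothing for the previous user.
        var ac = new AuthenticationContext(Authority);
        ac.TokenCache.Clear();

        // 2. Send the user's browser to Azure AD. A server-side HttpClient GET (as in the question)
        //    never carries the browser's Azure AD session cookie, so it cannot end that session;
        //    only a browser redirect does.
        return Redirect(BuildLogoutUrl(Tenant, PostLogoutRedirectUri));
    }
}
```

The point of the two steps is that they clear two different things: TokenCache.Clear() forgets what the application holds, and the browser redirect ends the session that Azure AD holds in its own cookie. Doing only the first leaves Azure AD free to sign the same user back in without a prompt.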

If your goal is to sign in as another user, you do not need to sign the first user out of their Azure AD session. You can pass PromptBehavior.Always in your AcquireToken call, which guarantees that the user is prompted with a clean account-selection UX. Note: if you want to erase all traces of the first user from the application, you can keep the cache-clearing code you already have. ADAL can store tokens for multiple users, so if multi-user support would be useful in your application the trick is that, if you do this, every AcquireToken call must also indicate which user you need the token for, or ADAL will not know which one to return. If you do not need several users at once, clearing the cache + PromptBehavior.Always remains the easiest way.

+1
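Both options from this answer side by side: forcing a fresh sign-in with PromptBehavior.Always, and keeping several users cached while naming the wanted user on each call. This is an added example, not code from the answer; the authority, resource, client ID and redirect URI are placeholders, and it assumes the synchronous AcquireToken overloads of the ADAL .NET 2.x API used in the question (the UserIdentifier overload and the UserIdentifierType values are part of that API).

```csharp
using System;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class TokenHelper
{
    // Placeholders: replace with your own app registration values.
    private const string Authority = "https://login.microsoftonline.com/yourad.onmicrosoft.com";
    private const string ResourceId = "https://your-api.example/";   // App ID URI of the protected web API
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private static readonly Uri RedirectUri = new Uri("http://localhost/myapp");

    private static readonly AuthenticationContext Ac = new AuthenticationContext(Authority);

    // Option A: one user at a time. Clear the cache so nothing of the previous user is kept,
    // then force the sign-in UI so Azure AD cannot silently reuse the previous session.
    public static string SignInAsDifferentUser()
    {
        Ac.TokenCache.Clear();
        AuthenticationResult ar = Ac.AcquireToken(ResourceId, ClientId, RedirectUri, PromptBehavior.Always);
        return ar.AccessToken;
    }

    // Option B: several users cached at once. Each call states which user it wants;
    // without that, ADAL has no way to choose between the cached entries.
    public static string GetTokenFor(string userPrincipalName)
    {
        // RequiredDisplayableId: if the token Azure AD returns belongs to a different user
        // than the one requested, ADAL raises an error instead of handing back the wrong token.
        var user = new UserIdentifier(userPrincipalName, UserIdentifierType.RequiredDisplayableId);
        AuthenticationResult ar = Ac.AcquireToken(ResourceId, ClientId, RedirectUri, PromptBehavior.Auto, user);
        return ar.AccessToken;
    }
}
```

With option B, a cache that holds two users and a call that names neither is exactly the situation the answer warns about; pinning the identity with RequiredDisplayableId turns an accidental token-for-the-wrong-user into a visible failure rather than a silent one.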

You can do this to clear the cache:

    // Android (ADAL for Android): drop the WebView cookies, then empty the ADAL token cache
    CookieManager cookieManager = CookieManager.getInstance();
    cookieManager.removeAllCookie();
    CookieSyncManager.getInstance().sync();
    mAuthContext.getCache().removeAll();
+1
