Sebastian Mehler

Reputation: 438

Azure AD Authentication remembers selected account. How to stop this

To authenticate with Azure AD I put the following code in a console application:

private static Task<string> GetAuthTokenAsync(string tenant, string appIdUri, string clientId)
{
    /* Matching App.config entries:
       <add key="ida:Audience" value="https://mehler.ws/ToDoWebApi" />
       <add key="ida:ClientID" value="f0e91727-3edd-4b00-9630-591166a74e4b" />
    */
    // Authority for the tenant (name or ID); needs Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL v2).
    var authContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenant));

    // AcquireToken is synchronous in ADAL v2 (so there is nothing to await) and only
    // shows the sign-in dialog when no usable token is found in the cache.
    AuthenticationResult result = authContext.AcquireToken(appIdUri, clientId, new Uri(Settings.Default.WebApiReplyAdress));

    return Task.FromResult(result.CreateAuthorizationHeader());
}

The AcquireToken method shows a screen where I am asked to input my credentials.

I accidentally selected the account I log in with in Windows 10. Now the screen doesn't show up any more and the application uses my Windows 10 account automatically. Does anyone know how to fix this problem, so that the screen shows up again?

Upvotes: 0

Views: 1317

Answers (3)

Sebastian Mehler

Reputation: 438

I found a very simple solution myself to clear the cache once: delete the cookies in Internet Explorer / Edge ;-)

Thanks anyway for the answers on how to implement proper logout code and always force a login prompt.

Upvotes: 0

vibronet

Reputation: 7394

An easy way is to pass PromptBehavior.Always to AcquireToken; there's an overload for that. That will cause ADAL to ignore the cache and ask the service for a clean prompt.

Upvotes: 1

tripdubroot

Reputation: 1153

Tokens are cached to alleviate complexity in your app. You will need to clear the token cache if you want the user to log back in... typically you would set up a logout function.

More information on token cache: http://www.cloudidentity.com/blog/2013/10/01/getting-acquainted-with-adals-token-cache/

How to logout:

// Drop every cached token so the next AcquireToken call has to prompt again.
authContext.TokenCache.Clear();
// Also end the Azure AD session; tenant and postLogoutRedirectUri hold the values described below.
string requestUrl = string.Format(
    "https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}",
    tenant, Uri.EscapeDataString(postLogoutRedirectUri));
Task.Run(async () =>
{
    using (var client = new HttpClient())
    {
        var response = await client.GetAsync(requestUrl);
        response.EnsureSuccessStatusCode();
    }
}).Wait(); // block so a console app does not exit before the logout request completes
  • {0} - Fully qualified name of your Azure Active Directory e.g. yourad.onmicrosoft.com or tenant id.
  • {1} - The URL of your application where a user must be redirected back after the logout is complete. This should be properly URL encoded.

Upvotes: 1
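Putting the two answers together, here is an added example (not code from the question or the answers) that shows the PromptBehavior.Always overload next to the default behaviour and then verifies that clearing the cache actually emptied it. It assumes ADAL v2 (Microsoft.IdentityModel.Clients.ActiveDirectory), reuses the audience and client ID from the question's config, and uses placeholder values for the tenant and redirect URI.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

class AdalPromptDemo
{
    // Placeholder redirect URI; use the one registered for your app.
    static readonly Uri RedirectUri = new Uri("http://localhost/ToDoClient");

    static void Main()
    {
        string tenant   = "yourad.onmicrosoft.com";                // placeholder
        string appIdUri = "https://mehler.ws/ToDoWebApi";          // from the question's config
        string clientId = "f0e91727-3edd-4b00-9630-591166a74e4b";  // from the question's config

        var authContext = new AuthenticationContext("https://login.windows.net/" + tenant);

        // 1. Default behaviour (PromptBehavior.Auto): a cached token or refresh token is
        //    reused silently, which is exactly what hid the login screen in the question.
        AuthenticationResult silent = authContext.AcquireToken(appIdUri, clientId, RedirectUri, PromptBehavior.Auto);
        Console.WriteLine("Auto:   signed in as {0}", silent.UserInfo.DisplayableId);
        DumpCache(authContext);

        // 2. Force the interactive prompt regardless of what is cached (vibronet's answer).
        AuthenticationResult forced = authContext.AcquireToken(appIdUri, clientId, RedirectUri, PromptBehavior.Always);
        Console.WriteLine("Always: signed in as {0}", forced.UserInfo.DisplayableId);

        // 3. Logout: drop the cached tokens (tripdubroot's answer) and check the result.
        authContext.TokenCache.Clear();
        DumpCache(authContext);
    }

    // List what ADAL holds in memory. An empty cache means the next AcquireToken call with
    // PromptBehavior.Auto must prompt again, unless the embedded browser still has a session
    // cookie, which is the part the asker fixed by deleting the IE / Edge cookies.
    static void DumpCache(AuthenticationContext ctx)
    {
        var items = ctx.TokenCache.ReadItems().ToList();
        Console.WriteLine("Cache holds {0} item(s)", items.Count);
        foreach (var item in items)
            Console.WriteLine("  {0} / {1} / expires {2:u}", item.DisplayableId, item.Resource, item.ExpiresOn);
    }
}
```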
