Reputation: 24789
How to signout from an Azure Application?
I have created a Azure AD application and a Web App. The Azure AD Application uses AAD Authentication. This works well. When I go to my URL and I am not authenticated, I have to enter my credentials. When I enter my credentials, I am forwarded to my application.
But then comes the problem. How do I sign out. I have found this question and I wanted to implement option 2: not signing out using code, but using links Azure AD provides. The point is, I have no clue where to configure this. He states
Add some specific links for logging in and logging out
But where? Where in Azure and in which portal (new or old) can I configure this? He also provided a link with a sample, but I don't understand this sample (I kind of new to Azure).
Upvotes: 13
Views: 38325
Answers (3)
Reputation: 136126
What you can do is construct a sign out URI in your application and when the user clicks on the Logout link or button, you redirect your users to that URI.
The format of a sign out URI is:
https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}
Where {0} is the Tenant Id or the Azure AD name (something.onmicrosoft.com) and {1} is the link to your application where a user will be redirected back after the sign out process is complete at Azure AD end.
Upvotes: 21
Reputation: 24789
I finally found why I couldn't get the provided example to work which I mentioned in my start post: the setting WEBSITE_AUTH_LOGOUT_PATH is deprecated and you can now call /.auth/logout to log out.
Found it on this page
Upvotes: 7
Reputation: 860
You could use the URI
https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}
as @Gaurav suggested. But this does not clear the browser cookies. You may have to explicitly delete the cookies from your Request Object:
foreach (string cookie in HttpContext.Current.Request.Cookies.AllKeys) { HttpContext.Current.Response.Cookies[cookie].Expires=DateTime.Now.AddDays(-1);}
But, there's also one issue with this that Azure AD caches the cookies for some time interval so any request sent using the same cookie from any other source could be authenticated successfully by Azure AD. I'm still trying to figure out how to tackle this.
Hope this helps. Thanks
Upvotes: 1
Related Questions
- Logout is not working in Microsoft Azure Web App
- SSO logout from Microsoft Account ever where, is it possible to logout only for specific Azure AD Enterprise application?
- How can I manually unload an Azure App Service?
- How to call "SignOut" in Blazor Server with AzureAD and Microsoft.Identity.Web?
- Log out of an Azure Active Directory application from a WPF application?
- How to abandon Azure App Service session after logging out
- How to sign out from Azure AD 2.0/MSAL in a desktop application?
- Logout from different applications signed in with the same Azure AD user
- Azure Active directory Logout
- Azure Web App logout from AAD Authentication