Pe0067 PEOR

Reputation: 74

ASP.NET Core Blazor Server Microsoft Identity: remote user logout

Suppose a scenario where a user logged into the application, e.g. in a library, and forgot to log out. What should you do next to protect your own data and account from theft? The application (Blazor Server) uses Microsoft Identity from Azure B2C. This authentication method provides a refresh token for 90 days and an auth token for 60 min. After 60 min the application gets a new auth token. Azure has a "revoke" option, but I heard that this feature does not work with B2C. Therefore, the user cannot log out remotely. I thought about creating a list of session IDs. The user would select the session to log out, and then the hacker logged into the application would be automatically logged out. But that's just one problem. I don't know how to create a unique session ID. For example, if a compromised computer were to use a VPN, geolocation sessions would be pointless.

Maybe I don't understand Azure B2C identity. I need an explanation. Maybe somebody knows how I can solve my problem?

Upvotes: 0

Views: 587

Answers (1)

rbrayb

Reputation: 46700

You can invalidate the refresh token in B2C.

You would still have to wait for the access token to expire.

Upvotes: 1
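An added example, not code from the question or the answer: a server-side session list of the kind the question describes, which the application can check on every request so that a still-valid access token stops working as soon as its session is revoked. `SessionRegistry` and all of its members are hypothetical names; the store is in-memory and assumes a single server instance.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical helper; not part of ASP.NET Core, Azure AD B2C or Microsoft.Identity.Web.
public sealed class SessionRegistry
{
    public sealed record Session(string Id, string UserId, string Label, DateTimeOffset CreatedUtc);

    private readonly ConcurrentDictionary<string, Session> _active = new();

    // Call once after a successful sign-in and keep the returned Id with the
    // authenticated session (for example as a value in the auth cookie).
    public Session Create(string userId, string label, DateTimeOffset now)
    {
        // 128 bits from the OS CSPRNG: unique and unguessable, and independent
        // of IP address or geolocation, so a VPN does not affect it.
        string id = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        var session = new Session(id, userId, label, now);
        _active[id] = session;
        return session;
    }

    // Data for the "your active sessions" page shown to the signed-in user.
    public Session[] ListFor(string userId) =>
        _active.Values.Where(s => s.UserId == userId)
                      .OrderBy(s => s.CreatedUtc)
                      .ToArray();

    // Only the owner can revoke; false for unknown ids or someone else's session.
    public bool Revoke(string userId, string sessionId) =>
        _active.TryGetValue(sessionId, out var s)
        && s.UserId == userId
        && _active.TryRemove(sessionId, out _);

    // "Log out everywhere": drop every session the user owns.
    public int RevokeAll(string userId) =>
        ListFor(userId).Count(s => _active.TryRemove(s.Id, out _));

    // Check on each request or circuit activity; a revoked session is rejected
    // even while the 60-minute access token has not yet expired.
    public bool IsActive(string userId, string sessionId) =>
        _active.TryGetValue(sessionId, out var s) && s.UserId == userId;
}
```

The `label` argument is free text for the user's benefit (browser, sign-in time); the session is identified only by the random `Id`.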
