Reputation: 1
The URL https://cargonew.b2clogin.com/cargonew.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fw-identity.azurewebsites.net%2Fsignout-callback-oidc-b2c is getting cancelled when trying to sign out from the Azure web app deployed on production, while it works in the development environment.
I have added the CORS policy and also all the Reply URLs on the B2C App registration. Also tried these URLs as the Front-channel logout URL:
I have Angular as a frontend, but all the communication is done by the ASP.NET Core Identity Server. It also worked fine with user flows.
    [HttpGet]
    public async Task<IActionResult> Logout(string logoutId, string type)
    {
        var logout = await _interaction.GetLogoutContextAsync(logoutId);
        return await (logout.Parameters[LOGIN_TYPE_PARAM_NAME] != INTERNAL_USER ? SignOut(logoutId) : InternalSignOut(logoutId));
    }

    [HttpGet]
    public async Task<IActionResult> SignOut(string logoutId)
    {
        ClearUserRoleSwitchData();
        // sign out local identity server
        await HttpContext.SignOutAsync();
        // sign out B2C
        var callbackUrl = Url.Action(nameof(SignedOut), "Account", new { logoutId = logoutId }, protocol: Request.Scheme);
        return SignOut(new AuthenticationProperties { RedirectUri = callbackUrl },
            CookieAuthenticationDefaults.AuthenticationScheme, "B2C");
    }

    [HttpGet]
    public async Task<IActionResult> SignedOut(string logoutId)
    {
        if (User.Identity.IsAuthenticated)
        {
            // Redirect to home page if the user is authenticated.
            return RedirectToAction(nameof(HomeController.Index), "Home");
        }
        var logout = await _interaction.GetLogoutContextAsync(logoutId);
        if (!string.IsNullOrWhiteSpace(logout?.PostLogoutRedirectUri))
        {
            return Redirect(logout?.PostLogoutRedirectUri);
        }
        return View();
    }

    "AzureAdB2C": {
        "ClientId": "6db9a5f0-e2a3-4f16-a738-1479bc71ef5b",
        "Tenant": "cargonew",
        "SignUpSignInPolicyId": "B2C_1A_SIGNUP_SIGNIN",
        "ResetPasswordPolicyId": "B2C_1A_PASSWORDRESET",
        "EditProfilePolicyId": "",
        "CallbackPath": "/signin-oidc-b2c",
        "SignedOutCallbackPath": "/signout-callback-oidc-b2c",
        "SignedOutRedirectUri": "https://w-app.azurewebsites.net/login"
    }
Upvotes: 0
Views: 49
Reputation: 1556
The Logout URL is getting cancelled when trying to signout from Azure webapp.
When using Azure AD B2C with a custom policy, a logout request includes a post_logout_redirect_uri parameter. This parameter tells Azure AD B2C where to redirect the user after logout.
If the post_logout_redirect_uri request is not registered in the Azure AD B2C application under Redirect URIs, Azure B2C cancels the logout process for security reasons. This is why you saw the Logout Cancelled message.
To avoid the above issue, add the post_logout_redirect_uri of /connect/endsession to the B2C application's Redirect URIs.
Upvotes: 0
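To check the condition the answer describes, the sketch below decodes the post_logout_redirect_uri from the logout URL posted in the question and compares it with a list of registered redirect URIs. It is an added example, not code from the question or the answer: the class and method names are hypothetical, the registered list is a constructed sample (not the poster's real app registration), and the strict comparison rule is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web; // HttpUtility.ParseQueryString

public static class LogoutRedirectCheck // hypothetical helper, added for illustration
{
    // Returns the URL-decoded post_logout_redirect_uri of a logout request, or null if absent.
    public static string ExtractPostLogoutRedirectUri(string logoutUrl) =>
        HttpUtility.ParseQueryString(new Uri(logoutUrl).Query)["post_logout_redirect_uri"];

    // Assumption: a candidate matches only when scheme, host, port and path all agree
    // (path compared case-sensitively; query and fragment ignored). The identity
    // provider's own matching rules are authoritative.
    public static bool IsRegistered(string candidate, IEnumerable<string> registered)
    {
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out var c)) return false;
        return registered
            .Select(r => Uri.TryCreate(r, UriKind.Absolute, out var u) ? u : null)
            .Any(u => u != null
                && u.Scheme == c.Scheme
                && string.Equals(u.Host, c.Host, StringComparison.OrdinalIgnoreCase)
                && u.Port == c.Port
                && string.Equals(u.AbsolutePath, c.AbsolutePath, StringComparison.Ordinal));
    }

    public static void Main()
    {
        // Logout request URL as posted in the question.
        const string logoutUrl =
            "https://cargonew.b2clogin.com/cargonew.onmicrosoft.com/b2c_1a_signup_signin" +
            "/oauth2/v2.0/logout?post_logout_redirect_uri=" +
            "https%3A%2F%2Fw-identity.azurewebsites.net%2Fsignout-callback-oidc-b2c";

        // Constructed sample list, built from values in the posted config;
        // replace with the Redirect URIs shown on the app registration.
        var registered = new[]
        {
            "https://w-app.azurewebsites.net/login",
            "https://w-identity.azurewebsites.net/signin-oidc-b2c",
        };

        var target = ExtractPostLogoutRedirectUri(logoutUrl);
        var ok = target != null && IsRegistered(target, registered);
        Console.WriteLine("post_logout_redirect_uri: " + (target ?? "(missing)"));
        Console.WriteLine(ok ? "registered" : "NOT registered: compare with the Redirect URIs list");
    }
}
```

The value to compare is the one actually sent in the request (here the w-identity host's /signout-callback-oidc-b2c path), which differs from the SignedOutRedirectUri in the posted configuration.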