问:
I have created a Azure AD application and a Web App. The Azure AD Application uses AAD Authentication. This works well. When I go to my URL and I am not authenticated, I have to enter my credentials. When I enter my credentials, I am forwarded to my application.
But then comes the problem. How do I sign out. I have found this question and I wanted to implement option 2: not signing out using code, but using links Azure AD provides. The point is, I have no clue where to configure this. He states
Add some specific links for logging in and logging out
But where? Where in Azure and in which portal (new or old) can I configure this? He also provided a link with a sample, but I don't understand this sample (I kind of new to Azure).
答:
What you can do is construct a sign out URI in your application and when the user clicks on the Logout link or button, you redirect your users to that URI.
The format of a sign out URI is:
https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}
Where {0} is the Tenant Id or the Azure AD name (something.onmicrosoft.com) and {1} is the link to your application where a user will be redirected back after the sign out process is complete at Azure AD end.
注意如果是中国Azure环境,对应的URI格式如下:
https://login.chinacloudapi.cn/{0}/oauth2/logout?post_logout_redirect_uri={1}
注意上面post_logout_redirect_uri参数的值,必须是编码后的URI查询字符串,例如如果post_logout_redirect_uri参数的值是:http://localhost:9081/,那么应该写为下面的格式:
https://login.chinacloudapi.cn/b63fb916-ea59-81ea-8f3f-d70a622a1a80/oauth2/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A9081
But this does not clear the browser cookies. You may have to explicitly delete the cookies from your Request Object:
foreach (string cookie in HttpContext.Current.Request.Cookies.AllKeys) { HttpContext.Current.Response.Cookies[cookie].Expires=DateTime.Now.AddDays(-1);}