How to logout from OAuth2.0 authentication of Windows Azure Active Directory authentication


Problem description

We are using OAuth2.0 for Windows Azure Active Directory authentication, where authentication is performed on https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=...... and after successful authentication we are redirecting to our site. To log out of the site, we delete all the cookies generated on our site and redirect to the login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=....... URL again, but this time we are not getting any login credentials screen and are redirected to our site with an access token. What process is required to log out? Because if we delete all cookies or close the browser and reopen it, the site works and redirects us to the login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=........ URL.

We are using the following code for the logout process:

    [NoCacheAttribute]
    public ActionResult LogOut()
    {
        // This function deletes all the data members of the UserCookieWrapper class
        UserCookieWrapper.delete_UserCookieWrapper();

        string[] theCookies = System.IO.Directory.GetFiles(
            Environment.GetFolderPath(Environment.SpecialFolder.Cookies));
        foreach (string currentFile in theCookies)
        {
            try
            {
                System.IO.File.Delete(currentFile);
            }
            catch (Exception objEx) { }
        }
        Response.Clear();
        return RedirectToAction("Index", "Login");
    }

Solution

Clearing cookies you've created will not help you, since the user is still signed in with Azure AD. This is how Web-SSO (Single Sign-On) works. Regardless of the protocol you use to authenticate with Azure AD, you still need to implement the Sign Out properly - a federated Sign Out! This is the case with any Web-SSO provider you will find on the internet - Google, Facebook, LinkedIn, Twitter, you name it.

What you do is just sign the user out of your application, not out of the identity provider. Once your application redirects the user to the selected identity provider (in your case AAD), if the user has an active session with it, one will not see the login screen!

In order to properly implement federated sign-out, you have to read through Implementing SSO with Azure Active Directory. You can fast-forward to the "Implementing Sign Out Controller" step, which will show code like this:

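    // Requires System.IdentityModel.Services and System.IdentityModel.Services.Configuration.
    public void SignOut()
    {
        WsFederationConfiguration fc =
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

        // Drop the last 7 characters of the current URL (the length of "SignOut")
        // to get the address the identity provider should return to.
        string request = System.Web.HttpContext.Current.Request.Url.ToString();
        string wreply = request.Substring(0, request.Length - 7);

        // Build the sign-out request for the issuer configured for this application.
        SignOutRequestMessage soMessage =
            new SignOutRequestMessage(new Uri(fc.Issuer), wreply);
        soMessage.SetParameter("wtrealm", fc.Realm);

        // End the local session, then redirect to the identity provider to end its session too.
        FederatedAuthentication.SessionAuthenticationModule.SignOut();
        Response.Redirect(soMessage.WriteQueryString());
    }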

Please read through the entire section (better the entire article) to understand what the code does and why you have to go this way.
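
An added example, not part of the original answer or of the article it refers to: the WS-Federation sign-out redirect built by hand, with the `wreply` return address checked against an allow-list instead of being derived from the incoming request URL. The class name, `app.example.com` and the allow-list are assumptions; `wa=wsignout1.0` is the WS-Federation sign-out action, and the local session still has to be ended as in the answer's code.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; class, method and host names are hypothetical.
public static class FederatedSignOutUrl
{
    // Builds a WS-Federation sign-out URL: wa=wsignout1.0 asks the identity
    // provider to end its own session, wreply says where to return afterwards.
    // Any query string already present on the issuer URL is replaced.
    public static string Build(Uri issuer, string realm, Uri wreply,
                               ISet<string> allowedReplyHosts)
    {
        if (issuer == null || !issuer.IsAbsoluteUri || issuer.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Issuer must be an absolute https URL.", nameof(issuer));
        if (string.IsNullOrEmpty(realm))
            throw new ArgumentException("Realm is required.", nameof(realm));

        // Reject reply addresses outside the application's own hosts, so a forged
        // Host header or crafted link cannot steer the post-logout redirect.
        if (wreply == null || !wreply.IsAbsoluteUri || wreply.Scheme != Uri.UriSchemeHttps
            || !allowedReplyHosts.Contains(wreply.Host))
            throw new ArgumentException("wreply is not an allowed https address.", nameof(wreply));

        var builder = new UriBuilder(issuer);
        builder.Query = "wa=wsignout1.0"
            + "&wtrealm=" + Uri.EscapeDataString(realm)
            + "&wreply=" + Uri.EscapeDataString(wreply.AbsoluteUri);
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "app.example.com" };
        // Constructed sample values; the issuer path is the one quoted in the question.
        string url = Build(
            new Uri("https://login.microsoftonline.com/login.srf"),
            "https://app.example.com/",
            new Uri("https://app.example.com/Login/Index"),
            allowed);
        Console.WriteLine(url);
    }
}
```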
