Azure Active Directory logout (clear persistent token)

Question

I am developing a Windows Store application that communicate to Dynamics CRM Online using Azure Active Directory for the authentication.

The application uses this CRM 2013 SDK example: SampleCode\CS\ModernAndMobileApps\ModernSoapApp

and refers to this nuget package for the authentication:

Microsoft.Preview.WindowsAzure.ActiveDirectory.Authentication

I am able to authenticate correctly, the main line is this:

AuthenticationResult result = await _authenticationContext.AcquireTokenAsync("Microsoft.CRM", ClientID, redirectUrl, string.Empty, string.Empty);

The problem is that I need to add a logout functionality and I can't get rid of the persistent token.

I tried to do a logout with the following line:

(AuthenticationContext.TokenCache as DefaultTokenCache).Clear();

but the application is able to get a valid token by itself when I call again the AcquireTokenAsync method instead showing the page for entering the credentials.

What am I missing to perform a full logout?

How did you resolved this ? I'm having trouble with WPF app, when I checked the "Remember Me" in the popup window and sign in, I can't sign out. — Dabbas, May 25 '15 at 14:19
a workaround is to force another time the authentication with a wrong password, normally it resets the token — Guido Preite, May 26 '15 at 04:20

score 18 · Answer 1 · edited Apr 10 '18 at 09:10

18

If you would like to sign the user out of the STS too, issue a logout request: https://login.windows.net/{tenantid or "common"}/oauth2/logout?post_logout_redirect_uri={URL}. The URL needs to be a reply url registered with your app in AAD.

You're clearing the local credential cache. Silent auth might be happening due to the STS cookie (what does Fiddler trace when you call AcquireTokenAsync again)?

Hope that helps. Possible duplicate of this question.

edited Apr 10 '18 at 09:10

Mache

106
1
3
8

answered May 23 '14 at 07:12

Dushyant Gill

3,966
18
14

1

I googled and looks like the url is `https://login.windows.net/common/oauth2/logout?post_logout_redirect_uri=` do you have a C# example to call this url for the logout? – Guido Preite May 23 '14 at 09:49
1

Yes made the correction above. I'm still getting used to the fact that SO editor hides things between angular braces. I don't have a c# example handy. Let me look for one. – Dushyant Gill May 23 '14 at 18:32
WTF I have been looking everywhere for this on MSDN :/ – Michael Theriot May 25 '15 at 15:10
2

Would you please provide the C# code or give some more detail about how you 'issue a logout request'. Thanks. – Quark Soup Feb 11 '17 at 15:12

Azure Active Directory logout (clear persistent token)

1 Answers1