Background

I'm a newbie in Azure, and this is my first post, so please bear with me.

Currently I'm working on Azure Single-Sign-On for my company.

Following the instructions in "Web App Sign In & Sign Out with Azure AD", I've created/copied an MVC 5 project with OWIN OpenId Authentication using VS2015.

Issue

Signing in is working well but signing out is not:

  1. Signed in with user A and signed out. No problem.

  2. Then tried signing in with another user B: after I clicked 'Use another account' on login.microsoftonline.com and entered user B's email address, it redirected me to my home page, without allowing me to enter the password, showing user A is signed in!

Only when I closed and reopened the browser (tried with both Chrome and FF) did it allow me to enter user B's password and sign in as user B.

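Code

using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

public class AccountController : Controller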
{
    public void SignIn()
    {
        // Send an OpenID Connect sign-in request.
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties {RedirectUri = "/"},
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

    public void SignOut()
    {
        string callbackUrl = Url.Action("SignOutCallback", "Account", routeValues: null,
            protocol: Request.Url.Scheme);

        Request.GetOwinContext().Authentication.SignOut(
            new AuthenticationProperties {RedirectUri = callbackUrl},
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }

    public ActionResult SignOutCallback()
    {
        if (Request.IsAuthenticated)
        {
            // Redirect to home page if the user is authenticated.
            return RedirectToAction("Index", "Home");
        }

        return View();
    }
}

I did a lot of searching but still had no luck.

Here is the exact same issue as mine: OWIN - Authentication.SignOut() doesn't remove cookies

What @user3613871 said makes a lot of sense to me:

the cookies are AppServiceAuthSession cookies - no longer the AspNet cookies. Thus, the logout no longer works.

But I still couldn't figure out the workaround.

Is there anything I can do in the settings in Azure or in my code to clear up "the azure cookies"?

Any idea is welcome and thanks in advance.

  • I'm not sure what you are looking for here that isn't in the SO question you linked to. This covers the express vs manual Azure AD configuration, if you want to use your logout function, you need manual: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/ – Matthew Dec 16 '15 at 18:27
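
Added example, not part of the original question or its comments: a small Python check that takes the Cookie header sent with the sign-out request and the Set-Cookie headers of its response, and reports which session cookies the browser still holds afterwards. The sample headers are constructed, `.AspNet.Cookies` is assumed as the OWIN cookie middleware's default name, and a deletion is assumed to use the same path and domain as the cookie it targets.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Names to track: the App Service cookie from the quote above and the OWIN
# cookie middleware's default cookie name. Prefix match also covers suffixed
# (chunked) variants.
SESSION_PREFIXES = ("AppServiceAuthSession", ".AspNet.Cookies")

def deletes_cookie(set_cookie, now=None):
    """True if this Set-Cookie header value tells the browser to drop the cookie."""
    now = now or datetime.now(timezone.utc)
    attrs = {}
    for attr in set_cookie.split(";")[1:]:
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip()
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            pass  # malformed Max-Age is ignored, fall back to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when <= now
    return False

def surviving_sessions(request_cookie, signout_set_cookies, now=None):
    """Tracked session cookies the browser still holds after the sign-out response."""
    sent = {c.split("=", 1)[0].strip() for c in request_cookie.split(";") if c.strip()}
    cleared = {h.split("=", 1)[0].strip() for h in signout_set_cookies
               if deletes_cookie(h, now)}
    return sorted(n for n in sent - cleared if n.startswith(SESSION_PREFIXES))

# Constructed sample: Cookie header sent with the sign-out request, and the
# Set-Cookie headers of its response (values are placeholders).
SAMPLE_COOKIE = "AppServiceAuthSession=PLACEHOLDER1; .AspNet.Cookies=PLACEHOLDER2; theme=dark"
SAMPLE_SET_COOKIE = [".AspNet.Cookies=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT"]

if __name__ == "__main__":
    print(surviving_sessions(SAMPLE_COOKIE, SAMPLE_SET_COOKIE))
```

Any name this returns is a session that outlives the sign-out, which matches the symptom described in the question: the next visit is already authenticated as the previous user.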

0 Answers