2

I have set up a Azure B2C OpenIdConnect system for our website using Microsoft Identity Web (https://github.com/AzureAD/microsoft-identity-web}. I could sign-in and out of the system with out issue. I can still sign-in but I am unable to sign-out after I attempt to implement secure logout redirect described in the following link:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application-options#secure-your-logout-redirect

I am running into a 404 when I attempt to sign-out. The following link is where the instruction I used to set up the customized account controller that the above documentation describes (same document but different section)

https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application-options#account-controller

The following is the code that I am using that results in my error:

_LoginPartial.cshtml

... 
<a class="nav-link text-light" asp-area="MicrosoftIdentity" asp-controller="MyAccount" asp-action="SignOutAsync">Sign out</a>
...

Startup.cs ConfigureServices

 public void ConfigureServices(IServiceCollection services)
    {
        //This is the configuration for OpenIdConnect which in this case is using Azure B2C.
        //Used the following article to set this up:
        //https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application-options#support-advanced-scenarios
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp( options =>
            {
                //Configuration.GetSection("AzureAdB2C"), "OpenIdConnect", "Cookies", true
                Configuration.Bind("AzureAdB2C", options);
                options.Events ??= new OpenIdConnectEvents();
                options.Events.OnRedirectToIdentityProvider += OnRedirectToIdentityProviderFunc;
                options.Events.OnRemoteFailure += OnRemoteFailureFunc;
                options.Events.OnAuthenticationFailed += OnAuthFailureFunc;
                options.Events.OnRemoteFailure += OnRemoteFailureFunc;
                options.Events.OnTokenValidated += OnValidationFunc;
                options.Events.OnRedirectToIdentityProviderForSignOut += OnRedirectToIdentityProviderForSignOutFunc;
                options.Events.OnSignedOutCallbackRedirect += OnSignedOutCallbackRedirectFunc;
                options.Events.OnRemoteSignOut += OnRemoteSignOutFunc;
                options.SaveTokens = true;
            });

        services.AddControllersWithViews()
            .AddNewtonsoftJson()
            .AddMicrosoftIdentityUI();

        services.AddRazorPages()
            .AddMicrosoftIdentityUI();

        ...

    }

Startup Routing (Add in the areas route in attempt to fix the issue)

 app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "areas",
                pattern: "{area:exists}/{controller=Home}/{action=Index}/{scheme?}");

            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");

            endpoints.MapRazorPages();
        });

MyAccountController.cs in full

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;

namespace profile.usafa.org.Controllers
{
    [AllowAnonymous]
    [Area("MicrosoftIdentity")]
    [Route("[area]/[controller]/[action]")]
    public class MyAccountController : Controller
    {
        [HttpGet("{scheme?}")]
        public async Task<IActionResult> SignOut([FromRoute] string scheme)
        {
            scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
            var redirectUrl = Url.Content("~/");
            var properties = new AuthenticationProperties { RedirectUri = redirectUrl };
            //obtain the id_token
            var idToken = await HttpContext.GetTokenAsync("id_token");
            //send the id_token value to the authentication middleware
            properties.Items["id_token_hint"] = idToken;

           return SignOut(properties, CookieAuthenticationDefaults.AuthenticationScheme, scheme);
        }

        [HttpGet("{scheme?}")]
        public async Task<IActionResult> SignOutAsync([FromRoute] string scheme)
        {
            scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
            var redirectUrl = Url.Content("~/");
            var properties = new AuthenticationProperties { RedirectUri = redirectUrl };
            //obtain the id_token
            var idToken = await HttpContext.GetTokenAsync("id_token");
            //send the id_token value to the authentication middleware
            properties.Items["id_token_hint"] = idToken;

            return SignOut(properties, CookieAuthenticationDefaults.AuthenticationScheme, scheme);
        }

    }
}

When I click the sign-out link I get directed to: localhost:#####/MicrosoftIdentity/MyAccount/SignOutAsync

But I get a 404 error. At this point I am not sure what to do. Thank you for any help anyone can provide.

nejohannsen
  • 189
  • 9

0 Answers0