Azure Active Directory logout (clear persistent token)

About

Asked 19/5, 2014 at 8:17 Answered 23/5, 2014 at 7:12

authentication azure dynamics-crm-online dynamics-crm-2013 azure-active-directory

I am developing a Windows Store application that communicate to Dynamics CRM Online using Azure Active Directory for the authentication.

The application uses this CRM 2013 SDK example: SampleCode\CS\ModernAndMobileApps\ModernSoapApp

and refers to this nuget package for the authentication:

Microsoft.Preview.WindowsAzure.ActiveDirectory.Authentication

I am able to authenticate correctly, the main line is this:

AuthenticationResult result = await _authenticationContext.AcquireTokenAsync("Microsoft.CRM", ClientID, redirectUrl, string.Empty, string.Empty);

The problem is that I need to add a logout functionality and I can't get rid of the persistent token.

I tried to do a logout with the following line:

(AuthenticationContext.TokenCache as DefaultTokenCache).Clear();

but the application is able to get a valid token by itself when I call again the AcquireTokenAsync method instead showing the page for entering the credentials.

What am I missing to perform a full logout?

Bianca answered 19/5, 2014 at 8:17 Comment(2)

How did you resolved this ? I'm having trouble with WPF app, when I checked the "Remember Me" in the popup window and sign in, I can't sign out. – Rehnberg 25/5, 2015 at 14:19

a workaround is to force another time the authentication with a wrong password, normally it resets the token – Bianca 26/5, 2015 at 4:20

If you would like to sign the user out of the STS too, issue a logout request: https://login.windows.net/{tenantid or "common"}/oauth2/logout?post_logout_redirect_uri={URL}. The URL needs to be a reply url registered with your app in AAD.

You're clearing the local credential cache. Silent auth might be happening due to the STS cookie (what does Fiddler trace when you call AcquireTokenAsync again)?

Hope that helps. Possible duplicate of this question.

Fob answered 23/5, 2014 at 7:12 Comment(4)

I googled and looks like the url is https://login.windows.net/common/oauth2/logout?post_logout_redirect_uri=<returnUrl> do you have a C# example to call this url for the logout? – Bianca 23/5, 2014 at 9:49

Yes made the correction above. I'm still getting used to the fact that SO editor hides things between angular braces. I don't have a c# example handy. Let me look for one. – Fob 23/5, 2014 at 18:32

WTF I have been looking everywhere for this on MSDN :/ – Shortcake 25/5, 2015 at 15:10

Would you please provide the C# code or give some more detail about how you 'issue a logout request'. Thanks. – Epistemology 11/2, 2017 at 15:12

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags