Azure AD Sign Out

I want to sign out of my web app from Azure AD B2C. I tried the following, as suggested in this example: https://www.janaks.com.np/azure-ad-identity-provider-in-aspnet-core-application/

if (HttpContext.User.Identity.IsAuthenticated)
{
    await HttpContext.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}

The configuration in Startup.cs is as follows:

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    AuthenticationScheme = settings.SignInPolicyId,
    AutomaticChallenge = true,
    CallbackPath = settings.SignInCallbackPath,
    ClientId = settings.ClientId,
    MetadataAddress = string.Format(settings.AadInstance, settings.Tenant, settings.SignInPolicyId),
    PostLogoutRedirectUri = settings.RedirectUri,
    TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name"
    },
    AutomaticAuthenticate = true,
    Scope = { "openid" },
    ResponseType = "id_token",
    GetClaimsFromUserInfoEndpoint = true
});

But when I try to sign out of the web app, the following exception is thrown:

InvalidOperationException: No authentication handler is configured to handle the scheme: OpenIdConnect

Thanks for your help.

You have to identify the authentication scheme that you set:

if (HttpContext.User.Identity.IsAuthenticated)
{
    await HttpContext.Authentication.SignOutAsync(settings.SignInPolicyId);
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}

You will have to somehow get the policy ID for this controller and use it to identify the appropriate middleware.

The accepted answer works for Auth 1, but in Auth 2 that method has been deprecated, so use the extension method.

await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

Reference: https://github.com/aspnet/Announcements/issues/232
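An added example (not part of the original posts) that combines the answers above for ASP.NET Core 2.x: it clears the local cookie and also signs out of the OpenID Connect scheme under the name it was actually registered with, so the session at Azure AD B2C is ended too instead of only the local one. The scheme name `B2C_1_signin`, the `Logout` action and the `/` redirect target are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    // Assumption: the name the OpenID Connect handler was registered under.
    // In the question that is settings.SignInPolicyId, not the default "OpenIdConnect".
    private const string OidcScheme = "B2C_1_signin"; // constructed placeholder

    private readonly IAuthenticationSchemeProvider _schemes;

    public AccountController(IAuthenticationSchemeProvider schemes)
    {
        _schemes = schemes;
    }

    [HttpGet]
    public async Task<IActionResult> Logout()
    {
        if (User?.Identity?.IsAuthenticated != true)
        {
            return Redirect("/");
        }

        // Always remove the local session cookie, even if the remote sign-out cannot run.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

        // Signing out of a scheme that was never registered throws
        // InvalidOperationException, so check the registration first.
        if (await _schemes.GetSchemeAsync(OidcScheme) == null)
        {
            return Redirect("/");
        }

        // The OpenID Connect handler answers with a redirect to the provider's
        // end-session endpoint. The post-logout target is fixed here rather than
        // taken from the request, so it cannot be used as an open redirect.
        await HttpContext.SignOutAsync(
            OidcScheme,
            new AuthenticationProperties { RedirectUri = "/" });

        // The handler has already written the redirect response.
        return new EmptyResult();
    }
}
```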