- ABP Framework version: v9.0.3
 - UI Type: Blazor Server
 - Database System: EF Core (SQL Server)
 
I'm trying to add sign-out functionality to my ABP app, which uses Azure AD/Entra to authenticate. My config looks like:
  sAuth.AddOpenIdConnect("AzureAD", "Microsoft/365", options =>
  {
      options.Authority = "https://login.microsoftonline.com/" + configuration["auth:AzureAd:TenantId"] + "/v2.0/"; 
      options.ClientId = configuration["auth:AzureAd:ClientId"];
      options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
      options.CallbackPath = configuration["auth:AzureAd:CallbackPath"];
      options.ClientSecret = configuration["auth:AzureAd:ClientSecret"]; 
      options.RequireHttpsMetadata = false; 
      options.SaveTokens = true; 
      options.GetClaimsFromUserInfoEndpoint = true;
      options.Scope.Add("email"); 
      options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
  });
I added the following class and that successfully enabled users to "sign out", but what I actually want is for users to be able to switch users. I do NOT want to see the Microsoft "Pick an account" dialog asking "Which account do you want to sign out of?" I tried adding a redirect as you see below, but that didn't help.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(LogoutModel))]
public class CustomLogoutModel : LogoutModel
{
    public override async Task<IActionResult> OnGetAsync()
    {
        if (CurrentUser.IsAuthenticated)
        {
            await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
            {
                Identity = IdentitySecurityLogIdentityConsts.Identity,
                Action = IdentitySecurityLogActionConsts.Logout
            });
        }
        //
        await SignInManager.SignOutAsync();
        await HttpContext.SignOutAsync(ConfirmUserModel.ConfirmUserScheme);
        await HttpContext.SignOutAsync(ChangePasswordModel.ChangePasswordScheme);
        //return SignOut("AzureAD");
        var callbackUrl = Url.Page("/Account/Logout", pageHandler: null, values: null, protocol: Request.Scheme);
        var properties = new AuthenticationProperties
        {
            RedirectUri = callbackUrl
        };
        return SignOut(properties, "AzureAD");
    }
}
I just want to let the users sign in again with another user.
3 Answer(s)
- 
    0
Nor did this. I'm missing something.
var callbackUrl = "https://login.microsoftonline.com/" + configuration["auth:AzureAd:TenantId"] + "oauth2/v2.0/logout?post_logout_redirect_uri=" + UrlEncoder.Default.Encode(configuration["App:SelfUrl"] + "/Account/Logout");
- 
    0
Hi,
ABP Framework supports all the OpenID Connect protocols and its standards. In your case, you could already connect to your custom Azure AD login. You need a specific implementation, but that's not implemented in ABP Framework or the openiddict library that we use. It's more likely related to Azure.
Still, I could find something that can be related to this topic. Have you tried to add the prompt=select_account parameter to the querystring while redirecting?
https://stackoverflow.com/questions/59361149/allow-a-switch-accounts-prompt
https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/5423
 - 
    0
You're the best!!
I removed the CustomLogoutModel and instead added options.Prompt = "select_account" to ConfigureAuthentication().
  sAuth.AddOpenIdConnect("AzureAD", "Microsoft/365", options =>
  {
      options.Authority = "https://login.microsoftonline.com/" + configuration["auth:AzureAd:TenantId"] + "/v2.0/";
      options.ClientId = configuration["auth:AzureAd:ClientId"];
      options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
      options.CallbackPath = configuration["auth:AzureAd:CallbackPath"];
      options.ClientSecret = configuration["auth:AzureAd:ClientSecret"];
      options.RequireHttpsMetadata = false;
      options.SaveTokens = true;
      options.GetClaimsFromUserInfoEndpoint = true;
      options.Scope.Add("email");
      options.Prompt = "select_account";
      options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
  });
And now it allows me to easily select a different account each time I "login" with AzureAD. Perfect! Thanks.
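Added example, not part of the thread and not ABP's own code: a variation on the accepted fix that sends prompt=select_account only on the first login after a sign-out, so ordinary logins keep single sign-on. It goes beyond the thread's solution. The class name, the cookie name and the idea of calling MarkRequested from the app's logout page are assumptions made for this example.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class SwitchAccountPrompt
{
    // Hypothetical cookie name, used only by this example.
    private const string MarkerCookie = "switch_account";

    // Assumption: called from the app's logout page after the local sign-out.
    public static void MarkRequested(HttpResponse response)
    {
        response.Cookies.Append(MarkerCookie, "1", new CookieOptions
        {
            HttpOnly = true,
            Secure = response.HttpContext.Request.IsHttps,
            SameSite = SameSiteMode.Lax,
            MaxAge = TimeSpan.FromMinutes(5), // marker expires if no login follows
            IsEssential = true
        });
    }

    // Called once at startup, next to AddOpenIdConnect("AzureAD", ...).
    public static void Configure(IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>("AzureAD", options =>
        {
            // options.Prompt stays unset, so logins without the marker use SSO.
            var previous = options.Events.OnRedirectToIdentityProvider;
            options.Events.OnRedirectToIdentityProvider = async context =>
            {
                await previous(context); // keep any handler registered earlier
                var http = context.HttpContext;
                if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication
                    && http.Request.Cookies.ContainsKey(MarkerCookie))
                {
                    // The marker can only add an account picker, so a forged
                    // cookie does not weaken authentication.
                    context.ProtocolMessage.Prompt = "select_account";
                    http.Response.Cookies.Delete(MarkerCookie);
                }
            };
        });
    }
}
```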