I know my following question is very related to this one: existing question but the answer is not solving my problem and maybe there is something else out there.
So I have a blazor web app in .net 8 using server side rendering. I want to make SSO login/logout using Azure Entra Id(active directory) with OpenIdConnect.
Sign it works fine, but the with sign out I have more problems. How can I do it withoutcalling a redirect to Navigation.NavigateTo("MicrosoftIdentity/Account/SignOut", true); . I do not want to use Microsoft.Identity.Web.UI because I do not want to create pages in my app if is not necessary. I do not manage the users from the app.
I tried to logout using something like this:
NavigationManager.NavigateTo("https://login.microsoftonline.com/{tenantid}/oauth2/logout?post_logout_redirect_uri=https://localhost:7216/signout-oidc");or
var request = httpContextAccessor.HttpContext.Request;logoutRedirectUri = "https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=" + Uri.EscapeDataString(request.Scheme + Uri.SchemeDelimiter + request.Host + request.PathBase +"/signout-oidc");NavigationManager.NavigateTo(logoutRedirectUri, true);I am redirected to https://localhost:7216/signout-oidc which is a blank page. If I try to redirect it "/"(home page) than I am automatically logged in.
This is what I have configured and also the links are registered in app registration in Azure portal
"AzureAd": {"Instance": "https://login.microsoftonline.com/","ClientId": "{clientId}","TenantId": "{tenantid}","CallbackPath": "/signin-oidc","SignedOutCallbackPath": "/signout-oidc"}Edit - Complete code:
Program.cs
var builder = WebApplication.CreateBuilder(args);builder.Services.AddMudServices(config =>{ config.SnackbarConfiguration.PositionClass = Defaults.Classes.Position.TopRight; config.SnackbarConfiguration.PreventDuplicates = false; config.SnackbarConfiguration.NewestOnTop = true; config.SnackbarConfiguration.ShowCloseIcon = true; config.SnackbarConfiguration.VisibleStateDuration = 7000; config.SnackbarConfiguration.HideTransitionDuration = 500; config.SnackbarConfiguration.ShowTransitionDuration = 500; config.SnackbarConfiguration.SnackbarVariant = Variant.Outlined;});builder.Services.AddDbContextFactory<Context>(options =>{ options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"));});//Loogerbuilder.Logging.AddAzureWebAppDiagnostics();builder.Logging.AddApplicationInsights( configureTelemetryConfiguration: (config) => config.ConnectionString = builder.Configuration.GetConnectionString("AppInsights"), configureApplicationInsightsLoggerOptions: (options) => { } );//SSO Loginbuilder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(options => { // Bind the configuration section and set additional options builder.Configuration.Bind("AzureAd", options); });builder.Services.AddAuthorization(options =>{ options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin")); options.AddPolicy("UserOnly", policy => policy.RequireRole("User"));});builder.Services.AddScoped<NotificationToastUtility>();builder.Services.AddControllersWithViews();builder.Services.AddRazorPages();builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();Registration.AddRegistration(builder.Services);// Add SignalR servicesbuilder.Services.AddSignalR();var app = builder.Build();// Configure the HTTP request pipeline.if (!app.Environment.IsDevelopment()){ app.UseExceptionHandler("/Error", createScopeForErrors: true); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts();}app.UseHttpsRedirection();app.UseStaticFiles();app.UseAntiforgery();app.UseAuthentication();app.UseAuthorization();app.MapRazorComponents<App>() .AddInteractiveServerRenderMode();app.MapRazorPages();app.MapControllers();// Map the SignalR hubapp.MapHub<StepHub>("/stephub");app.Run();In the navbar I have a link that calls the logout
<a href="@logoutRedirectUri"><span class="oi oi-account-logout">Logout</span></a>Code behind where @logoutRedirectUri is created
protected override void OnInitialized() { var request = httpContextAccessor.HttpContext.Request; var loginHint = request.HttpContext.User.FindFirstValue("login_hint"); logoutRedirectUri = "https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri="+ Uri.EscapeDataString(request.Scheme + Uri.SchemeDelimiter + request.Host + request.PathBase +"/signout-oidc"); if (loginHint != null) { logoutRedirectUri += "&logout_hint=" + Uri.EscapeDataString(loginHint); } }