How to implement Single Sign-out of both .net core mvc?

Question

Hi All,

I am implementing Azure AD authentication (b2b) in both web application .NET CORE 6 MVC.

I am looking for an example to authenticate and authorize two .NET Core MVC Web Applications to communicate with one another.

Example:

Webapplication-1 and WebApplication-2 (Both are under same domain and IIS)

Below is the way application is configured currently which uses Identity Server and we moving to Azure AD

Webapplication-1 - Will load all the menus in that few menus will be part of Webapplication-2 and rest part of Webapplication-1

Example:

Webapplication-1 Menus

Webapplication-2/Home
Webapplication-2/Edit
Webapplication-1/View
Webapplication-1/Download

When user click Sign Out in Webapplication-2, "Microsoft.Identity.Web" automatically logs out and clear cookies of Webapplication-2 and I am able to override SignedOut.cshtml to have custom logout page.

Issue is Webapplication-1 cookies still is in browser..

I want to implement Single Sign-out when user click Sign Out button either of the application.

How to implement Single Sign-out.

Answer 1

you will need to use the same cookie for both applications (set subdomain as cookie path). this will require both sites use the same custom roles if any. also you will need to configure DataProtection services to use the same encryption/decryption key for both sites.

cookie settings:

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-7.0

data protection services configuration:

https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-7.0