Azure B2C Logout - Blazor

SandeepG 41 Reputation points
2023-02-18T16:58:28.5+00:00

Hi Folks,

I've build a Blazor server app and I'm using the Azure b2c which I build using the wizard.

I don't have a login page and I only use the Google as oauth provider. I just have the default blanket redirect which is fine for me.

builder.Services.AddAuthorization(options =>
{
    // By default, all incoming requests will be authorized according to the default policy
    options.FallbackPolicy = options.DefaultPolicy;
});

One issue is that I'm facing is that when I'm opening the app it doesn't prompt me asking which account I want to use. I know I'm already signed into my google account as whole but when opening my app I would like the app to prompt for "choosing the account". When I run the same userflow on the portal it does prompt me. The same just doesn't happen for my app. How can I make sure that the app always asks to select the account? I read some articles which said to add "prompt" keyword but I don't know where to add that as I'm not calling any custom url.

User's image

User's image

Another issue I'm facing is that the log-out doesn't work as expected. In my app logout sequence is same as the default which redirects user to MicrosoftIdentity/Account/SignIn link.

<AuthorizeView>
    <Authorized>
        Hello, @context.User.Identity?.Name!
        <a href="MicrosoftIdentity/Account/SignOut">Log out</a>
    </Authorized>
    <NotAuthorized>
        <a href="MicrosoftIdentity/Account/SignIn">Log in</a>
    </NotAuthorized>
</AuthorizeView>

Once I click the logout button; I does something and then redirects me to this page.

User's image

However once I click the back button, the app opens as normal with the user still signed in. I expected the app to prompt for login at-least this time.

Can you please help me with the right approach for the implementing this. I prefer to avoid advance things like custom user flows. Perhaps some settings in appsettings.json can do the trick?

Thanks a lot.

Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,378 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,391 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Shweta Mathur 27,141 Reputation points Microsoft Employee
    2023-02-20T08:06:46.83+00:00

    Hi @SandeepG ,

    Thanks for reaching out.

    The AddMicrosoftIdentityWebAppAuthentication method in the Microsoft identity platform API allow developers to add code for advanced authentication scenarios.

    prompt=select_account parameter will force the user to select the account they want to use even if they are already signed in with a Google account.

    To add this parameter in your URL, you need to modify the OpenIdConnectOptions in your Startup.cs file.

    services.Configure<OpenIdConnectOptions>(options =>
    {
        options.Events.OnRedirectToIdentityProvider = context =>
        {
            context.ProtocolMessage.SetParameter("prompt", "select_account");
            return Task.FromResult(0);
        };
    });
    
    

    This code adds an event handler for the OnRedirectToIdentityProvider event, which is triggered when the user needs to be redirected to the Google Account.

    Reference: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory-b2c/enable-authentication-web-application-options.md#support-advanced-scenarios

    For logout, you can clear authentication cookies from the current session and delete the current user's tokens from the token store by sending a GET request to the https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout endpoint.

    and to change the post-sign-out-redirect page by adding /logout?post_logout_redirect_uri=/index.html

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#sign-out

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    2 people found this answer helpful.

  2. Michael Washington 891 Reputation points MVP
    2023-02-18T19:53:34.9566667+00:00

    instead of this:

    <a href="MicrosoftIdentity/Account/SignOut"><h4>Log Off</a>

    I use this:

    @inject NavigationManager navigationManager
    
    <a href="#" @onclick="@(() => logoff())" @onclick:preventDefault>Log Off`
    
    string logofflink = "https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=" + navigationManager.Uri + "MicrosoftIdentity/Account/SignOut"; 
    
    public void mylogoff()
    {
       navigationManager.NavigateTo(logofflink, true);
    }