Azure B2C session doesn't expire

Srivastava, Roshan (North Sydney) 26 Reputation points
2021-07-08T11:51:19.767+00:00

Hi,

I am using Azure B2C with web app integration and it works fine, but there are a few issues that I noticed which I could not figure out how to do.

  1. After closing the browser, the session is not getting terminated
  2. The session also doesn't expire if I reopen the browser after 2-3 hours
  3. On clicking logout, the page is not redirected to my logout page even though I am passing a redirect URI

Thanks!!!


2 answers

  1. James Hamil 21,466 Reputation points Microsoft Employee
    2021-07-09T22:21:39.287+00:00

    Hi @Anonymous, you most likely need to tweak some settings to get this to work. This thread goes into great detail on how you can accomplish this. Also, please take a look at this document. It details how you can customize the session behavior. If you've already viewed these documents or have any other questions, please let me know.

    If this answer helped you please mark it as "Verified" so other users may reference it.

    Thank you,
    James


  2. Srivastava, Roshan (North Sydney) 26 Reputation points
    2021-07-10T04:55:51.837+00:00

    I get that the refresh token may be the reason for the silent authentication. But is there a way to turn off the refresh token flow, as the minimum value in the config I can set is 1 day?

    The B2C configuration is attached as an image. In startup I have the following code to enable OpenID Connect:

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme);
        services.AddMicrosoftIdentityWebAppAuthentication(serviceProvider.GetRequiredService<IConfiguration>(), "AzureAdB2C");

        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, configureOptions: option =>
        {
            option.GetClaimsFromUserInfoEndpoint = true;
            option.Events = new OpenIdConnectEvents();

            option.Events.OnAuthorizationCodeReceived = context =>
            {
                // var idToken = context.;
                return Task.CompletedTask;
            };
            // Store an identifier for this sign-in in the server-side session.
            option.Events.OnTicketReceived = context =>
            {
                context.HttpContext.Session.SetString("sign-id", context.HttpContext.Session?.Id ?? Guid.NewGuid().ToString());
                // var idToken = context.;
                return Task.CompletedTask;
            };
            option.Events.OnTokenValidated = OpenIdConnectionExtension.OnTicketReceivedCallback;
            option.Events.OnRemoteFailure = OpenIdConnectionExtension.OnRemoteFailure;
            // On a remote sign-out request, redirect to the local logout page.
            option.Events.OnRemoteSignOut = context =>
            {
                context.Response.Redirect("/Identity/Account/Logout");
                return Task.CompletedTask;
            };
        });
    
