
Azure AD Sign Out

I'd like to sign my web app out of Azure AD B2C. I tried the following, as suggested in this sample: https://www.janaks.com.np/azure-ad-identity-provider-in-aspnet-core-application/.

if (HttpContext.User.Identity.IsAuthenticated)
{
    await HttpContext.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}

With the following configuration in the Startup.cs:

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    AuthenticationScheme = settings.SignInPolicyId,
    AutomaticChallenge = true,
    CallbackPath = settings.SignInCallbackPath,
    ClientId = settings.ClientId,
    MetadataAddress = string.Format(settings.AadInstance, settings.Tenant, settings.SignInPolicyId),
    PostLogoutRedirectUri = settings.RedirectUri,
    TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name"
    },
    AutomaticAuthenticate = true,
    Scope = { "openid" },
    ResponseType = "id_token",
    GetClaimsFromUserInfoEndpoint = true
});

But when I try to sign out from the web app, the following exception is thrown:

InvalidOperationException: No authentication handler is configured to handle the scheme: OpenIdConnect

Thanks for your help.

Pit Braunsdorf asked Mar 09 '23 18:03


2 Answers

You have to identify the authentication scheme that you set:

if (HttpContext.User.Identity.IsAuthenticated)
{
    await HttpContext.Authentication.SignOutAsync(settings.SignInPolicyId);
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}

You will somehow have to get the policy id to this controller and use it to identify the appropriate middleware.

juunas answered Mar 24 '23 22:03


The accepted answer is good for Auth 1, but in Auth 2 that method is deprecated, so use the extension method.

await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

Reference: https://github.com/aspnet/Announcements/issues/232

meany answered Mar 24 '23 23:03
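Combining the two answers, here is an added example (not code from either answer or from the linked sample) of a sign-out action using the ASP.NET Core 2.x extension methods. It signs out of both the OpenID Connect handler and the cookie handler, and checks that the scheme name is registered before using it, which is the condition behind the InvalidOperationException in the question. Assumptions: the placeholder scheme name stands in for `settings.SignInPolicyId`, the cookie handler uses its default scheme name, and a `Home/Index` action exists.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    // Placeholder (assumption): must equal the name the OpenID Connect handler
    // was registered under, i.e. the value of settings.SignInPolicyId.
    private const string OidcScheme = "B2C_1_SIGNIN_POLICY_PLACEHOLDER";

    private readonly IAuthenticationSchemeProvider _schemes;

    public AccountController(IAuthenticationSchemeProvider schemes)
    {
        _schemes = schemes;
    }

    // POST plus antiforgery validation so another site cannot trigger the sign-out.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        if (User?.Identity?.IsAuthenticated != true)
        {
            return RedirectToAction("Index", "Home");
        }

        // SignOutAsync throws InvalidOperationException for a scheme name that
        // no handler is registered under, so look the name up first.
        bool oidcRegistered = await _schemes.GetSchemeAsync(OidcScheme) != null;
        if (oidcRegistered)
        {
            // Ends the session at the identity provider; the handler writes
            // the redirect to the provider's sign-out endpoint.
            await HttpContext.SignOutAsync(
                OidcScheme,
                new AuthenticationProperties { RedirectUri = "/" });
        }

        // Always remove the local session cookie as well.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

        // If the OIDC handler already produced a redirect, leave the response alone.
        return oidcRegistered
            ? (IActionResult)new EmptyResult()
            : RedirectToAction("Index", "Home");
    }
}
```

Signing out of only the cookie scheme clears the local session but leaves the session at the identity provider active, so the next challenge can sign the user back in without prompting for credentials.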