Craig Neeson - 20 days ago
C# Question

ADAL Azure AD Authentication user's login cached from different Azure AD session

I am currently setting up a web app hosted in Azure using Azure Active Directory for authentication. I have almost worked all the kinks out, but one issue remains. If a user has logged into a different directory before hitting my sign-in page (in this case it is a University Office 365 login for email), the credential seems to be cached and Azure attempts to use it to log into my site. Is there a way I can force the login screen on every sign-in and avoid re-use of a cached credential?

Project setup has been mainly standard, ASP.NET MVC architecture with default Azure Active Directory authentication settings.

Thanks!

A screenshot of the MS login page with error

Answer

I discovered the solution as soon as I posted. I implemented a sign-out and a self-redirect to the sign-in method. Code is below:

    using System.Web;
    using System.Web.Mvc;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;

    public class AccountController : Controller
    {
        // Sign-in entry point. The optional signedOut flag is set by the redirect that
        // follows the sign-out round trip, so the second pass goes straight to the challenge.
        public void SignIn(bool? signedOut)
        {
            if (Request.IsAuthenticated)
            {
                return;
            }

            if (signedOut != true)
            {
                // First pass: the browser may still hold an Azure AD session for another
                // directory. Sign out of both the OpenID Connect session and the local cookie,
                // then come back here with signedOut=true. OWIN writes the redirect response;
                // RedirectUri becomes post_logout_redirect_uri, which Azure AD only honours
                // if it is a registered reply URL for the app.
                HttpContext.GetOwinContext().Authentication.SignOut(
                    new AuthenticationProperties
                    {
                        RedirectUri = Url.Action("SignIn", "Account",
                            routeValues: new { signedOut = true }, protocol: Request.Url.Scheme)
                    },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType,
                    CookieAuthenticationDefaults.AuthenticationType);
            }
            else
            {
                // Second pass: no Azure AD session remains, so send the OpenID Connect
                // sign-in request; the user lands on "/" after authenticating.
                HttpContext.GetOwinContext().Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = "/" },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }
    }

Thanks anyway!
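The answer above works by ending the user's Azure AD browser session entirely (the OpenID Connect sign-out sends the browser to the end_session endpoint), which also logs them out of the University Office 365 session in that browser. A lighter alternative is to ask Azure AD to show the login screen on every sign-in by sending `prompt=login` with the authentication request, which forces fresh credential entry without touching other sessions. The following Startup.Auth.cs is an added example written for this page, not the asker's code or a Microsoft template; it assumes Katana 3.x (`OpenIdConnectRequestType.AuthenticationRequest` from `Microsoft.IdentityModel.Protocols`) and the hypothetical appSettings keys `ida:ClientId`, `ida:AADInstance`, `ida:TenantId` and `ida:PostLogoutRedirectUri`.

```csharp
using System;
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;   // OpenIdConnectRequestType (Katana 3.x)
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumed appSettings keys; rename to match your web.config.
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string AadInstance = ConfigurationManager.AppSettings["ida:AADInstance"]; // e.g. "https://login.microsoftonline.com/{0}"
    private static readonly string TenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static readonly string PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            // Single-tenant authority: tokens from any other directory are rejected here.
            Authority = string.Format(CultureInfo.InvariantCulture, AadInstance, TenantId),
            PostLogoutRedirectUri = PostLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs just before the browser is redirected to Azure AD. Only the
                // authentication request gets prompt=login; logout requests are left alone.
                RedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
                    {
                        // "login" forces credential entry; "select_account" would instead
                        // show the account picker so the user can choose the right directory.
                        n.ProtocolMessage.Prompt = "login";
                    }
                    return Task.FromResult(0);
                },
                // Surface an Azure AD error (for example a user from another directory being
                // rejected) as a friendly page instead of an unhandled exception.
                AuthenticationFailed = n =>
                {
                    n.HandleResponse();
                    n.Response.Redirect("/Error?message=" + Uri.EscapeDataString(n.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this in place the controller can simply call `Challenge` on every sign-in; no sign-out round trip is needed. Note that `prompt=login` does not change the single-tenant rule: a user who authenticates against a different directory is still rejected, so pair it with `prompt=select_account` or a clear error page if users routinely hold sessions in more than one tenant.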
