ADAL: W8.1 app trying to log user out

淺唱寂寞╮ 提交于 2019-12-02 01:39:46
vibronet

The actual user session is determined by two different components: the token cache (under ADAL's control) and any session tracking cookies that might be present in the system (not under ADAL's control).

As you point out, you can easily take care of the token cache part. However the logic you mentioned for clearing up cookies will NOT work on Windows Store applications. It works on WPF because for desktop apps, the cookie jar used during authentication is the one of the application itself. On Windows Store, authentication takes pace with the WebAuthenticationBroker, which has its own cookie jar that is separate and unreachable from your application code.

The most robust approach there is not to create any persistent cookie (e.g. NOT clicking "remember me" during authentication). However, if you end up with such a cookie, the main way of getting rid of it is triggering a sign out from the same WebAuthenticationBroker - the server will take care of cleaning things up. In terms of code:

string requestUrl = "https://login.windows.net/common/oauth2/logout";
Task.Run(async () =>
{
    try
    {
        await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.SilentMode, new Uri(requestUrl));
    }
    catch (Exception)
    {
        // timeout. That's expected
    }
});
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!