Azure Active Directory logout (clear persistent token)

Guido Preite picture Guido Preite · May 19, 2014 · Viewed 20.7k times · Source

I am developing a Windows Store application that communicate to Dynamics CRM Online using Azure Active Directory for the authentication.

The application uses this CRM 2013 SDK example: SampleCode\CS\ModernAndMobileApps\ModernSoapApp

and refers to this nuget package for the authentication:

Microsoft.Preview.WindowsAzure.ActiveDirectory.Authentication

I am able to authenticate correctly, the main line is this:

AuthenticationResult result = await _authenticationContext.AcquireTokenAsync("Microsoft.CRM", ClientID, redirectUrl, string.Empty, string.Empty);

The problem is that I need to add a logout functionality and I can't get rid of the persistent token.

I tried to do a logout with the following line:

(AuthenticationContext.TokenCache as DefaultTokenCache).Clear();

but the application is able to get a valid token by itself when I call again the AcquireTokenAsync method instead showing the page for entering the credentials.

What am I missing to perform a full logout?

Answer

Dushyant Gill picture Dushyant Gill · May 23, 2014

If you would like to sign the user out of the STS too, issue a logout request: https://login.windows.net/{tenantid or "common"}/oauth2/logout?post_logout_redirect_uri={URL}. The URL needs to be a reply url registered with your app in AAD.

You're clearing the local credential cache. Silent auth might be happening due to the STS cookie (what does Fiddler trace when you call AcquireTokenAsync again)?

Hope that helps. Possible duplicate of this question.