question

RoshanSrivastava-4168 avatar image
0 Votes"
RoshanSrivastava-4168 asked AnshulKumarMINDTREELIMITED-5501 commented

Azure b2c session doesn't expire

Hi,

I am using Azure b2c with web app integration and it works fine but there are few issue that I noticed which i could not figure out how to do.



  1. After closing browser the session is not getting terminated

  2. Session also doesn't expire if I reopen browser after 2-3 hour

  3. On clicking logout the page is not redirect to my logout page even though I am passing redirect uri

Thanks!!!



azure-ad-b2c
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RoshanSrivastava-4168 , we are investigating your issue and will update you shortly.

Best,
James

1 Vote 1 ·

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·
JamesHamil-MSFT avatar image
0 Votes"
JamesHamil-MSFT answered

Hi @RoshanSrivastava-4168 , you most likely need to tweak some settings to get this to work. This thread goes into great detail on how you can accomplish this. Also, please take a look at this document. It details how you can customize the session behavior. If you've already viewed this documents or have any other questions please let me know.

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RoshanSrivastava-4168 avatar image
0 Votes"
RoshanSrivastava-4168 answered RoshanSrivastava-4168 rolled back

113497-sign-in2.pngI get that the refresh token may be the reason for the silent authentication. But is there a way to turn off the refresh token flow as the minimum value in the config i can set is 1 days.

The configuration b2c is attached as image. In startup I have following code to enable openid connect

  services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme);
             services.AddMicrosoftIdentityWebAppAuthentication(serviceProvider.GetRequiredService<IConfiguration>(), "AzureAdB2C");
    
             services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, configureOptions: option =>
             {
                  
                 option.GetClaimsFromUserInfoEndpoint = true;
                 option.Events = new OpenIdConnectEvents();
                  
                 option.Events.OnAuthorizationCodeReceived = context =>
                 {
                     // var idToken = context.;
                     return Task.CompletedTask;
                 };
                 option.Events.OnTicketReceived = context =>
                 {
                     context.HttpContext.Session.SetString("sign-id", context.HttpContext.Session?.Id ?? Guid.NewGuid().ToString());
                     // var idToken = context.;
                     return Task.CompletedTask;
                 };
                 option.Events.OnTokenValidated = OpenIdConnectionExtension.OnTicketReceivedCallback;
                 option.Events.OnRemoteFailure = OpenIdConnectionExtension.OnRemoteFailure;
                 option.Events.OnRemoteSignOut = context =>
                 {
                     context.Response.Redirect("/Identity/Account/Logout");
    
                     return Task.CompletedTask;
    
                 };
             });


113440-sign-in.png



sign-in.png (205.4 KiB)
sign-in2.png (184.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.