问题描述
我在 WPF 桌面应用程序中使用 MSAL,该应用程序需要允许用户登录和注销 Azure AD v2.0.Microsoft 的 Graph 访问示例 和其他大多数示例我请参阅使用 PublicClientApplication.Remove(IUser)
注销,例如 在这个函数中:
I'm using MSAL in a WPF desktop application that needs to allow users to sign in and out against Azure AD v2.0. Microsoft's Graph access sample and most of the other examples I see use PublicClientApplication.Remove(IUser)
to log out, like in this function:
//(from Microsoft's example)
/// <summary>
/// Sign out the current user
/// </summary>
private void SignOutButton_Click(object sender, RoutedEventArgs e)
{
if (App.PublicClientApp.Users.Any())
{
try
{
App.PublicClientApp.Remove(App.PublicClientApp.Users.FirstOrDefault());
this.ResultText.Text = "User has signed-out";
this.CallGraphButton.Visibility = Visibility.Visible;
this.SignOutButton.Visibility = Visibility.Collapsed;
}
catch (MsalException ex)
{
ResultText.Text = $"Error signing-out user: {ex.Message}";
}
}
}
据我所知,Remove(IUser)
似乎删除了该用户及其令牌的 MSAL 缓存,但它似乎并未真正将用户注销.如果我尝试再次登录我的应用程序,我以前的用户将显示为已登录",单击将使我以该用户身份登录,而无需再次提供凭据.使用 Microsoft 身份验证库 (MSAL) 时无法注销 考虑到 MSAL 的当前状态,我觉得我需要手动注销.
From what I can see, it looks like Remove(IUser)
deletes MSAL's cache of that user and their tokens, but it doesn't seem like it's actually signing the user out. If I try to log in to my app again, my previous user will show up as "signed in" and clicking will log me in as that user without having to provide credentials again. Logout does not work when using Microsoft Authentication Library (MSAL) makes me think I will need to log out manually, given the current state of MSAL.
我发现了很多网络应用教程,例如 this Microsoft one 说退出应该涉及删除应用程序的本地记录(看起来像 Remove(IUser)
正在做),并且还重定向到
I've found a lot of web-app tutorials like this Microsoft one that say a sign-out should involve deleting the app's local record (what it looks like Remove(IUser)
is doing), and also redirecting to some variant of
GET https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
但我的应用不在网络浏览器中,所以我不确定如何处理该请求.在使用 MSAL 时如何真正注销?
But my app isn't in a web browser, so I'm not sure what to do with that request. How do I really log out while using MSAL?
推荐答案
你是对的,Remove(IUser) 方法只是将用户从缓存中移除.我们还没有实现一个 Signout 方法,正如您所写的那样,它将利用注销端点.这是我们希望在未来提供的东西.请注意,有两种退出方式:从应用程序退出和从设备退出.
You are right, the Remove(IUser) method only removes the user from the cache. We have not yet implemented a Signout method, which would, as your write, leverage the logout endpoint. This is something we want to provide in the future. Note that there are two forms of sign-out: sign-out from the app, and signout from the device.
要回答您的最后一个问题,您的 WPF 应用确实不是 Web 浏览器,但它包含一个嵌入式 Web 浏览器,该浏览器保留一个会话 cookie,需要通过向 azure AD 发送注销请求来清除它.
To answer your last question, your WPF app is not a web browser indeed, but it contains an embedded web browser, which keeps a session cookie, that needs to be cleared by sending azure AD a logout request.
这篇关于如何在桌面应用程序中从 Azure AD 2.0/MSAL 注销?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!