問題描述
我在 WPF 桌面應用程序中使用 MSAL,該應用程序需要允許用戶登錄和注銷 Azure AD v2.0.Microsoft 的 Graph 訪問示例 和其他大多數示例我請參閱使用 PublicClientApplication.Remove(IUser) 注銷,例如 在這個函數中:
I'm using MSAL in a WPF desktop application that needs to allow users to sign in and out against Azure AD v2.0. Microsoft's Graph access sample and most of the other examples I see use PublicClientApplication.Remove(IUser) to log out, like in this function:
//(from Microsoft's example)
/// <summary>
/// Sign out the current user
/// </summary>
private void SignOutButton_Click(object sender, RoutedEventArgs e)
{
if (App.PublicClientApp.Users.Any())
{
try
{
App.PublicClientApp.Remove(App.PublicClientApp.Users.FirstOrDefault());
this.ResultText.Text = "User has signed-out";
this.CallGraphButton.Visibility = Visibility.Visible;
this.SignOutButton.Visibility = Visibility.Collapsed;
}
catch (MsalException ex)
{
ResultText.Text = $"Error signing-out user: {ex.Message}";
}
}
}
據我所知,Remove(IUser) 似乎刪除了該用戶及其令牌的 MSAL 緩存,但它似乎并未真正將用戶注銷.如果我嘗試再次登錄我的應用程序,我以前的用戶將顯示為已登錄",單擊將使我以該用戶身份登錄,而無需再次提供憑據.使用 Microsoft 身份驗證庫 (MSAL) 時無法注銷 考慮到 MSAL 的當前狀態,我覺得我需要手動注銷.
From what I can see, it looks like Remove(IUser) deletes MSAL's cache of that user and their tokens, but it doesn't seem like it's actually signing the user out. If I try to log in to my app again, my previous user will show up as "signed in" and clicking will log me in as that user without having to provide credentials again. Logout does not work when using Microsoft Authentication Library (MSAL) makes me think I will need to log out manually, given the current state of MSAL.
我發現了很多網絡應用教程,例如 this Microsoft one 說退出應該涉及刪除應用程序的本地記錄(看起來像 Remove(IUser) 正在做),并且還重定向到
I've found a lot of web-app tutorials like this Microsoft one that say a sign-out should involve deleting the app's local record (what it looks like Remove(IUser) is doing), and also redirecting to some variant of
GET https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
但我的應用不在網絡瀏覽器中,所以我不確定如何處理該請求.在使用 MSAL 時如何真正注銷?
But my app isn't in a web browser, so I'm not sure what to do with that request. How do I really log out while using MSAL?
推薦答案
你是對的,Remove(IUser) 方法只是將用戶從緩存中移除.我們還沒有實現一個 Signout 方法,正如您所寫的那樣,它將利用注銷端點.這是我們希望在未來提供的東西.請注意,有兩種退出方式:從應用程序退出和從設備退出.
You are right, the Remove(IUser) method only removes the user from the cache. We have not yet implemented a Signout method, which would, as your write, leverage the logout endpoint. This is something we want to provide in the future. Note that there are two forms of sign-out: sign-out from the app, and signout from the device.
要回答您的最后一個問題,您的 WPF 應用確實不是 Web 瀏覽器,但它包含一個嵌入式 Web 瀏覽器,該瀏覽器保留一個會話 cookie,需要通過向 azure AD 發送注銷請求來清除它.
To answer your last question, your WPF app is not a web browser indeed, but it contains an embedded web browser, which keeps a session cookie, that needs to be cleared by sending azure AD a logout request.
這篇關于如何在桌面應用程序中從 Azure AD 2.0/MSAL 注銷?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!