Tags: c#, asp.net-mvc, azure, azure-active-directory, adal

ADAL Azure AD Authentication user's login cached from different Azure AD session


I am currently setting up a web app hosted in Azure using Azure Active Directory for authentication. I have almost worked all the kinks out, but one issue remains. If a user has logged into a different directory before hitting my sign-in page (in this case it is a University Office 365 login for email), the credential seems to be cached and Azure attempts to use it to log into my site. Is there a way I can force the login screen on every sign-in and avoid re-use of a cached credential?

Project setup has been mainly standard: ASP.NET MVC architecture with the default Azure Active Directory authentication settings.

Thanks!

[Screenshot: the MS login page with the error]


Solution

  • I discovered the solution as soon as I posted. I implemented a sign-out and a self-redirect to the sign-in method. The code is below:

    using System.Web;
    using System.Web.Mvc;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;

    public class AccountController : Controller
    {
        public void SignIn(bool? signedOut)
        {
            // Send an OpenID Connect sign-in request.
            if (!Request.IsAuthenticated)
            {
                // First pass (signedOut not yet set): if the user is currently logged into another
                // directory, log them out of both the local cookie and Azure AD. The RedirectUri is sent
                // to Azure AD as post_logout_redirect_uri, so the browser comes back to this action
                // with signedOut=true once the Azure AD session has been cleared.
                if (signedOut == null || signedOut == false)
                {
                    HttpContext.GetOwinContext().Authentication.SignOut(
                        new AuthenticationProperties
                        {
                            RedirectUri = Url.Action("SignIn", "Account",
                                routeValues: new { signedOut = true },
                                protocol: Request.Url.Scheme)
                        },
                        OpenIdConnectAuthenticationDefaults.AuthenticationType,
                        CookieAuthenticationDefaults.AuthenticationType);
                }
                else
                {
                    // Second pass: no stale session remains, so challenge for a fresh login
                    // under this directory and land on the site root afterwards.
                    HttpContext.GetOwinContext().Authentication.Challenge(
                        new AuthenticationProperties { RedirectUri = "/" },
                        OpenIdConnectAuthenticationDefaults.AuthenticationType);
                }
            }
        }
    }
    

    Thanks anyway!
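The sign-out-then-challenge round trip above works, but OpenID Connect also has a direct way to ask the identity provider to re-prompt for credentials: the `prompt=login` request parameter (OpenID Connect Core, section 3.1.2.1), which Azure AD honours. With the OWIN middleware it is set from the `RedirectToIdentityProvider` notification. The following `Startup` configuration is an added example, not code from the original question or answer; the client id, tenant and redirect URL are placeholders, and the `OpenIdConnectRequestType` member name and `OpenIdConnectMessage` namespace differ between Katana 3.x (`AuthenticationRequest`, `Microsoft.IdentityModel.Protocols`) and 4.x (`Authentication`, `Microsoft.IdentityModel.Protocols.OpenIdConnect`).

```csharp
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;            // Katana 3.x; use .OpenIdConnect on 4.x
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            // Placeholders (assumed): real projects read these from Web.config.
            ClientId = "00000000-0000-0000-0000-000000000000",
            // A tenant-specific authority (not "common") is what restricts sign-in to
            // users of this directory; prompt=login only controls the credential prompt.
            Authority = "https://login.microsoftonline.com/contoso.onmicrosoft.com",
            PostLogoutRedirectUri = "https://localhost:44300/",

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = n =>
                {
                    // Only modify the authorization request, not the end_session (sign-out)
                    // request that the same notification also sees.
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
                    {
                        // prompt=login: Azure AD must show the credential prompt even if the
                        // browser already carries an SSO session for another directory's user,
                        // so a cached University/Office 365 login is never reused silently.
                        n.ProtocolMessage.Prompt = "login";
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this in place a plain `Challenge(...)` from the controller is enough; no sign-out redirect is needed, and the user is prompted on every sign-in. The trade-off is that `prompt=login` removes single sign-on for everyone, including users who are already correctly signed in to the right directory, so it is worth deciding whether the requirement is really "always prompt" or "reject sessions from the wrong tenant", which the tenant-specific `Authority` and the middleware's issuer validation already handle.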