I have a login function where the user logs in to the website through their Microsoft account.
Using the HttpContext class, I am trying to sign out the user with SignOutAsync. The problem I come across is that it works when I do it in Edge, but when I try to sign out in a private window, in Chrome, and in Firefox, it doesn't sign me out.

    [HttpGet("Logout")]
    public async Task<IActionResult> Logout()
    {
        await this.HttpContext.SignOutAsync();
        return RedirectToAction("Login", "Account");
    }

    [Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
    [HttpGet("Login")]
    public async Task<IActionResult> Login()
    {
        return Redirect(this.homepageLink);
    }

I have tried different overloads of SignOutAsync, such as passing CookieAuthenticationDefaults.AuthenticationScheme and OpenIdConnectDefaults.AuthenticationScheme, expecting it to fix the problem, but that did not end up happening.
I can provide more details if I am missing any that could help fix this.
Depending on your setup, you need to make sure you sign out of all of the different schemes you are using. This is an example of what I use. It first deletes the cookie, and then uses the well-known functionality of OIDC to perform a global logout by redirecting to my SSO application. If you use OIDC, this works without any additional code on your client.

    public IActionResult Logout() => SignOut("Cookies", "oidc");
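
An added example, not code from either post: a minimal ASP.NET Core setup in which the two scheme names passed to `SignOut` are the same constants the handlers were registered under, so the local cookie is cleared and the OpenID Connect handler redirects to the provider's end-session endpoint. The authority URL, client id, configuration key and the `LoggedOut` action are placeholders and assumptions.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services
    .AddAuthentication(options =>
    {
        // The cookie holds the local session; OIDC handles challenges.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()                    // registered as "Cookies"
    .AddOpenIdConnect(options =>    // registered as "OpenIdConnect", not "oidc"
    {
        // Placeholder values (assumptions); use your own registration.
        options.Authority = "https://login.example.test/tenant-placeholder/v2.0";
        options.ClientId = "client-id-placeholder";
        options.ClientSecret = builder.Configuration["Oidc:ClientSecret"];
        options.ResponseType = "code";
        // Path the provider calls back after its own session has ended;
        // it must be registered with the provider as a post-logout URI.
        options.SignedOutCallbackPath = "/signout-callback-oidc";
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

[Route("Account")]
public class AccountController : Controller
{
    [HttpGet("Logout")]
    public IActionResult Logout()
    {
        // Land on an anonymous page afterwards. Redirecting straight to an
        // [Authorize] action would start a new challenge immediately.
        var props = new AuthenticationProperties { RedirectUri = "/Account/LoggedOut" };
        // Returning the result lets the OIDC handler write the redirect itself.
        return SignOut(props,
            CookieAuthenticationDefaults.AuthenticationScheme,
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    [HttpGet("LoggedOut")]
    public IActionResult LoggedOut() => Content("Signed out.");
}
```

If the handlers are registered under custom names, as with `"oidc"` in the answer above, pass those exact names instead of the defaults.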