Tags: c#, asp.net-mvc, azure-active-directory

Azure AD: cannot log in after log out, MVC5 .NET C#


I have a web application that should support Azure AD. I already have a successful log in with a redirect to Home/Index, and also a successful log out with a redirect to Home/Index. But when I try to log in after logging out, the error "We couldn't sign you in. Please try again" occurs.

In Azure itself it shows that all logins are successful. Moreover, if I clear the browser cache and reload, it redirects to the logged-in user as expected. Any ideas how to resolve it?

// Startup

    using Microsoft.IdentityModel.Tokens;
    using Microsoft.Owin;
    using Microsoft.Owin.Host.SystemWeb;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    public void Configuration(IAppBuilder app)
    {
        // The cookie middleware is the default sign-in handler for the OIDC middleware.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // clientId, redirectUri, postLogoutRedirectUri and metadataAddress are
        // read from configuration elsewhere in the class.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            ResponseType = "code id_token",
            Scope = "openid profile", // Include any other required scopes

            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = false // Set to true if you want to validate the issuer
            },
            MetadataAddress = metadataAddress,
            // Route cookie writes through System.Web so OWIN and ASP.NET do not clobber each other's cookies.
            CookieManager = new SystemWebCookieManager()
        });
    }

Logout method in the user controller

    public void Logout()
    {
        // Clear session data on logout
        HttpContext.Session.Clear();
        HttpContext.Session.Abandon(); // Optional, but recommended

        // Sign out of both the OIDC middleware (triggers the Azure AD end-session redirect)
        // and the local cookie middleware.
        HttpContext.GetOwinContext().Authentication.SignOut(
            //new AuthenticationProperties { RedirectUri = postLogoutRedirectUri },
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }

Home/Index

    public ActionResult Index()
    {
        // If the user is authenticated, redirect to the appropriate view based on user type
        if (User.Identity.IsAuthenticated)
        {
            // Only read the name claim once we know there is an authenticated identity;
            // doing it earlier throws a NullReferenceException for anonymous requests.
            var claimsIdentity = User.Identity as ClaimsIdentity;
            var name = claimsIdentity?.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
            HttpContext.Session["UserID"] = name;

            if (User.IsInRole("some role"))
            {
                return RedirectToAction("Index", "Admin");
            }
            else
            {
                return RedirectToAction("Index", "User");
            }
        }

        if (!Request.IsAuthenticated)
        {
            // If the user is not authenticated, initiate the Azure AD authentication flow
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = redirectUri },
                OpenIdConnectAuthenticationDefaults.AuthenticationType
            );
        }

        return new EmptyResult();
    }

I tried to clear cookies after logout but it didn't help.


Also, during debugging I noticed that it just loops in Index, because User.Identity.IsAuthenticated = false (but it should be true after entering credentials).


Solution

  • I resolved it myself: the latest version of Microsoft.Owin (4.2.2) is bugged. I rolled back to version 4.1.0 and everything started to work. It took me 5 days to figure it out.