Single sign out support

dstrockis · dstrockis · commit f16649e65419 · 2016-06-22T11:56:32.000-07:00
diff --git a/README.md b/README.md
@@ -61,8 +61,11 @@ There are two projects in this sample.  Each needs to be separately registered i
 7. Enter a friendly name for the application, for example "TodoListWebApp", select "Web Application and/or Web API", and click next.
 8. For the sign-on URL, enter the base URL for the sample, which is by default `https://localhost:44371/signin-oidc`.
 9. For the App ID URI, enter `https://<your_tenant_name>/TodoListWebApp`, replacing `<your_tenant_name>` with the name of your Azure AD tenant.  Click OK to complete the registration.
-10. While still in the Azure portal, click the Configure tab of your application.
-11. Find the Client ID value and copy it aside, you will need this later when configuring your application.
+1. While still in the Azure portal, click the **Configure** tab of your application.
+2. Locate the **Manage Manifest** button in the bottom drawer.  Click it and download your application's manifest as a `.json` file.
+3. Open the `.json` file in a text editor and change the `logoutUrl` property to `https://localhost:44320/Account/EndSession`.  This is the default single sign out URL for this sample.
+4. Back in the Azure portal, click **Manage Manifest** then **Upload Manifest**, and upload your updated `.json` file.
+5. Finally, locate the **Client ID** value in the **Configure** tab and copy it to your clipboard.  You will need it shortly.
 12. Create a new key for the application.  Save the configuration so you can view the key value.  Save this aside for when you configure the project in Visual Studio.
 13. In "Permissions to Other Applications", click "Add Application."  Select "Other" in the "Show" dropdown, and click the upper check mark.  Locate & click on the TodoListService, and click the bottom check mark to add the application.  Select "Access TodoListService" from the "Delegated Permissions" dropdown, and save the configuration.
 
diff --git a/WebApp-WebAPI-OpenIdConnect-DotNet/Controllers/AccountController.cs b/WebApp-WebAPI-OpenIdConnect-DotNet/Controllers/AccountController.cs
@@ -33,5 +33,11 @@ public async Task LogOff()
                 await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
             }
         }
+
+        public async Task EndSession()
+        {
+            // If AAD sends a single sign-out message to the app, end the user's session, but don't redirect to AAD for sign out.
+            await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -33,5 +33,11 @@ public async Task LogOff()`
`33`	`33`	`await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);`
`34`	`34`	`}`
`35`	`35`	`}`
	`36`	`+`
	`37`	`+ public async Task EndSession()`
	`38`	`+ {`
	`39`	`+ // If AAD sends a single sign-out message to the app, end the user's session, but don't redirect to AAD for sign out.`
	`40`	`+ await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);`
	`41`	`+ }`
`36`	`42`	`}`
`37`	`43`	`}`