
Force user to re-enter credentials with WS-Federation and Azure AD

Mar 2, 2015 at 8:49 AM
Hi!

I use WS-Federation with Azure AD in my web application. Everything is working, except that I would like my users to be logged out after 30 minutes of inactivity.

I'm using cookie authentication:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
    SlidingExpiration = true,
    ExpireTimeSpan = new TimeSpan(0, 30, 0),

}); 
And my WS-Federation:
app.UseWsFederationAuthentication(
    new WsFederationAuthenticationOptions
    {
        Wtrealm = _appSettings.Realm,
        MetadataAddress = _appSettings.Metadata,
        AuthenticationMode = AuthenticationMode.Passive,
        SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        UseTokenLifetime = false,
    });
The user is logged out of the web application after 30 minutes. But when they click the login URL and get redirected to Azure AD, they're still logged in and get automatically signed in to my application again.

I want the users to re-enter their credentials before getting signed in again. Is there a way to achieve this?

Regards
Mar 12, 2015 at 3:36 AM
Session state is maintained between the User-Agent and Azure AD. You need to call SignOut.

public void SignOut()
{
    // Remove all cache entries for this user and send a sign-out request.
    var auth = HttpContext.GetOwinContext().Authentication;
    auth.SignOut(
        ... with appropriate properties ...);
}
Mar 12, 2015 at 7:59 AM
Yes, I have implemented that on the logout button and it works, but what I want is for the user to be automatically logged out after 30 minutes of inactivity. Not only from my web application but from Azure AD as well. I have complete access to the Azure AD, so I can configure it if necessary, but I haven't found any settings to accomplish this.
Apr 27, 2015 at 11:24 PM
You have to use UseOpenIdConnectAuthentication instead of UseWsFederationAuthentication with Azure AD in order to achieve this.
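
An added example, not code from this thread, of one way to request re-entry of credentials after switching to UseOpenIdConnectAuthentication as the last reply suggests. It assumes the OpenID Connect `prompt=login` request parameter is the mechanism used, Katana 3.x type names, and placeholder ClientId and Authority values.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols; // Katana 3.x; newer packages use Microsoft.IdentityModel.Protocols.OpenIdConnect
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Local session: expires after 30 minutes of inactivity, as in the question.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            SlidingExpiration = true,
            ExpireTimeSpan = TimeSpan.FromMinutes(30)
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<application-client-id>",                     // placeholder
            Authority = "https://login.microsoftonline.com/<tenant>", // placeholder
            UseTokenLifetime = false, // keep the 30-minute cookie lifetime above
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = n =>
                {
                    // Only touch sign-in redirects, not sign-out requests.
                    // (The enum member is named Authentication in newer packages.)
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
                    {
                        // Ask the identity provider to show the credential prompt
                        // even if its own session cookie is still valid.
                        n.ProtocolMessage.Prompt = "login";
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The `prompt=login` value travels in the redirect URL through the browser, so it requests a fresh sign-in but is not by itself proof that one took place.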