Force user to re-enter credentials with ws-federation and Azure AD
I use ws-federation with Azure AD in my web application. All is working except that I would like my users to be logged out after 30 minutes of inactivity.
I'm using cookieauthentication:
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        SlidingExpiration = true,
        ExpireTimeSpan = new TimeSpan(0, 30, 0),
    });
And my wsfederation:
    app.UseWsFederationAuthentication(
        new WsFederationAuthenticationOptions
        {
            Wtrealm = _appSettings.Realm,
            MetadataAddress = _appSettings.Metadata,
            AuthenticationMode = AuthenticationMode.Passive,
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            UseTokenLifetime = false,
        });
The user is logged out of the web application after 30 minutes. But when they click the login URL and get redirected to Azure AD they're still logged in and get automatically signed in to my application again.
I want the users to re-enter their credentials before getting signed in again. Is there a way to achieve this?
Regards

You can change the lifetime of the Azure AD SSO ticket. The default is 480 minutes I think. Just set that to 30 and the users will have to re-authenticate.
Edit: Possibly you can set Force user to enter credential on Azure AD, since this is supported in on-prem ADFS, it might be in AAD, too.
If you do not want to change the global TTL of the SSO tickets you could also send the user to the logout endpoint of the Azure AD if your local TTL expires (but that can be avoided by the user, if he wants to - so you should stick with option 1).
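
Added example, not part of the original question or answer: one way to request a fresh login per sign-in with the Katana WS-Federation middleware from the question, using the WS-Federation `wfresh=0` parameter, and to verify on return that the login really was fresh, since a user can strip the parameter from the redirect URL. The names `FreshLogin` and `MaxAuthAge` are hypothetical; that Azure AD honours `wfresh=0` and that the token yields an authentication-instant claim are assumptions to confirm against your tenant.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

// Added example: hypothetical helper, not code from the thread.
public static class FreshLogin
{
    // Assumed tolerance between the login at the IdP and the token arriving here.
    static readonly TimeSpan MaxAuthAge = TimeSpan.FromMinutes(5);

    public static WsFederationAuthenticationNotifications Notifications()
    {
        return new WsFederationAuthenticationNotifications
        {
            RedirectToIdentityProvider = n =>
            {
                // wfresh=0 asks the STS to re-prompt instead of reusing its SSO session.
                if (n.ProtocolMessage.IsSignInMessage)
                    n.ProtocolMessage.Wfresh = "0";
                return Task.FromResult(0);
            },
            SecurityTokenValidated = n =>
            {
                // The request parameter is client-controlled, so check the outcome.
                if (!IsFresh(n.AuthenticationTicket.Identity, DateTime.UtcNow))
                    throw new UnauthorizedAccessException("Authentication instant is stale or missing.");
                return Task.FromResult(0);
            }
        };
    }

    // True only when the token carries a recent authentication instant.
    public static bool IsFresh(ClaimsIdentity identity, DateTime nowUtc)
    {
        Claim claim = identity.FindFirst(ClaimTypes.AuthenticationInstant);
        DateTime authAt;
        if (claim == null || !DateTime.TryParse(claim.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal, out authAt))
            return false; // fail closed: no usable claim means no proof of a fresh login

        // Reject old logins and timestamps too far in the future (clock skew allowance).
        return nowUtc - authAt <= MaxAuthAge && authAt <= nowUtc.AddMinutes(5);
    }
}
```

To use it, set `Notifications = FreshLogin.Notifications()` in the `WsFederationAuthenticationOptions` shown in the question. An exception thrown from `SecurityTokenValidated` stops the sign-in, so no application cookie is issued for a stale login.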