
How to get ADAL to check username before using cached login credentials to logon user to application

I have an ASP.NET MVC application that uses Azure Active Directory for authentication. All works perfectly except for this scenario.

  1. Launch application and login using user@domain.com, the user is authenticated and application home page is displayed
  2. Close browser (Logoff not implemented)
  3. Launch application again and click login as another user
  4. Enter username as abc@domain.com - This user is fake and does not exist

Expected behavior: Some error saying the user does not exist or login failed

Application behavior: Logs in user@domain.com by default without checking the new username that's entered.

Note: portal.azure.com works the same way.

Question: Is there a way to change this behavior so that the username is validated or authenticated before the cached token is used?

thanks

This is by design. We do not go to AAD for authentication every time; cached credentials are used, as the tokens / cookies the client has received during the initial login are good enough to get access to the resources.

There are two ways to achieve what you are looking for

1) Implement sign out (feasible and optimum solution)

2) Implement an Auth filter and apply it at a global level, so that for every request it has to validate the token and user name provided by the user.

Hope it helps.
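
Option 1 from the answer above, as an added example that is not code from the original post. It assumes the application uses the OWIN cookie and OpenID Connect middleware (Microsoft.Owin.Security.*) already configured in Startup; the controller and action names are illustrative.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

// Illustrative controller; assumes cookie + OpenID Connect middleware
// are registered in the application's OWIN Startup class.
public class AccountController : Controller
{
    // Start a sign-in by challenging the OpenID Connect middleware,
    // which redirects the browser to Azure AD.
    public void SignIn()
    {
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

    // Sign out of BOTH layers:
    //  - the cookie type removes the application's own session cookie;
    //  - the OpenID Connect type redirects to Azure AD's end-session
    //    endpoint so the Azure AD session cookie is cleared as well.
    // Clearing only the application cookie leaves the Azure AD session in
    // place, and the next sign-in silently reuses the previous user, which
    // is the behaviour described in the question.
    public void SignOut()
    {
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }
}
```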
