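I wrote a .NET 8 Blazor WASM application that authenticates using Azure/Entra ID. We need to perform an automatic logout when the user is idle, and bypass the "select user popup" after logout.
Here is my Program.cs code: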

    using Microsoft.AspNetCore.Components.Web;
    using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
    using THDVirtualAgent;

    var builder = WebAssemblyHostBuilder.CreateDefault(args);
    builder.RootComponents.Add<App>("#app");
    builder.RootComponents.Add<HeadOutlet>("head::after");
    builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
    builder.Services.AddMsalAuthentication(options =>
    {
        builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
        // Redirect to home page after login failure
        options.AuthenticationPaths.LogInFailedPath = "/?loginFailed=true";
        // Redirect to home page after logout
        options.AuthenticationPaths.LogOutSucceededPath = "/";
    });
    var assemblyName = System.Reflection.Assembly.GetExecutingAssembly().GetName().Name;
    await builder.Build().RunAsync();

Here is the method that is called when the idle timer expires:

    [JSInvokable]
    public async Task HandleInactivityAsync()
    {
        // Set the sign out state using the SignOutSessionStateManager.
        // SetSignOutState is asynchronous, so await it before navigating away.
        await SignOutManager.SetSignOutState();

        // Currently not used, but could be used to extract the login hint from the user's claims
        var loginHint = ExtractLoginHintFromClaims();

        // Navigate to the logout page
        NavigationManager.NavigateTo("authentication/logout");
    }

I have enabled the login_hint optional claim in the app registration in Azure/Entra ID. This is the relevant section of my application manifest:

    "optionalClaims": {
        "idToken": [
            {
                "name": "login_hint",
                "source": null,
                "essential": false,
                "additionalProperties": []
            }
        ],
        "accessToken": [],
        "saml2Token": []
    },

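To hopefully help point you in the right direction when it comes to modifying your Blazor application code to include the login_hint parameter and bypass the "select user popup" after logout, you should be able to reference the following.
For more info - How to sign out of an OAuth2 application without being prompted to select a user.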

    // Construct the logout URL with the logout_hint and post_logout_redirect_uri parameters
    var logoutUrl = $"https://login.microsoftonline.com/{tenant}/oauth2/logout?post_logout_redirect_uri={logoutRedirectUri}&logout_hint={userId}";

    // Alternative (use instead of the line above): the app's own authentication/logout route
    var logoutUrl = $"authentication/logout?login_hint={userId}&post_logout_redirect_uri={logoutRedirectUri}&prompt=none";

    //Open ID Connect/OAuth2 application example:
    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/logout?post_logout_redirect_uri={redirect_uri}&logout_hint={user_id}

I hope this helps!
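
An added example (not code from the question or the answer) that builds the v2.0 logout URL shown above with every value URL-encoded and the redirect checked against an allow-list, so that a claim or redirect value cannot inject extra query parameters or send the user to an unexpected site. `LogoutUrlBuilder`, its parameters and the sample values are hypothetical, and it assumes the `login_hint` optional claim surfaces on the `ClaimsPrincipal` under that name.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Constructed sample input: a principal carrying a login_hint claim,
// a placeholder tenant name and a placeholder redirect URI.
var user = new ClaimsPrincipal(new ClaimsIdentity(
    new[] { new Claim("login_hint", "O.constructed+hint/value==") }, "sample"));
var home = new Uri("https://app.example.com/");
Console.WriteLine(LogoutUrlBuilder.Build("contoso.onmicrosoft.com", user, home, new[] { home }));

// Hypothetical helper, not part of MSAL or of the application on this page.
public static class LogoutUrlBuilder
{
    public static string Build(string tenant, ClaimsPrincipal user,
                               Uri postLogoutRedirect, Uri[] allowedRedirects)
    {
        // The tenant is placed in the URL path: accept only the characters
        // found in a tenant GUID or a DNS-style tenant name.
        if (string.IsNullOrEmpty(tenant) ||
            !tenant.All(c => char.IsAsciiLetterOrDigit(c) || c is '.' or '-'))
            throw new ArgumentException("Unexpected tenant value.", nameof(tenant));

        // Only return users to a redirect URI the application itself expects.
        if (!postLogoutRedirect.IsAbsoluteUri || !allowedRedirects.Contains(postLogoutRedirect))
            throw new ArgumentException("Redirect URI is not allowed.", nameof(postLogoutRedirect));

        var url = $"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/logout" +
                  $"?post_logout_redirect_uri={Uri.EscapeDataString(postLogoutRedirect.AbsoluteUri)}";

        // logout_hint takes the value of the login_hint optional claim that
        // the manifest above enables on the ID token. The value is opaque,
        // so it is escaped rather than concatenated as-is.
        var hint = user.FindFirst("login_hint")?.Value;
        if (!string.IsNullOrEmpty(hint))
            url += $"&logout_hint={Uri.EscapeDataString(hint)}";

        // Without a hint the URL is still valid; the account picker may appear.
        return url;
    }
}
```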