I have a Blazor server-side application that uses .NET Core 3.1. It uses Microsoft.AspNetCore.Authentication.Negotiate
to authenticate users through Windows credentials/Active Directory.
The issue I have is how to sign out a user. After various research I found out that certain external authentication methods do not support sign-out. For example, Windows/AD does not need to be explicitly signed out. The only thing you need to do is clear the identity and claims principal locally in the application. That is what I am having trouble with. The user also signs out automatically when you close the browser.
I am using this middleware to authenticate using Negotiate and am trying to clear the user's claims during sign-out. But it doesn't work.
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Authentication;

    namespace Test.Middleware
    {
        // Factory-based middleware: registered with services.AddScoped<ValidateAuthentication>()
        // and added to the pipeline with app.UseMiddleware<ValidateAuthentication>().
        internal class ValidateAuthentication : IMiddleware
        {
            public async Task InvokeAsync(HttpContext context, RequestDelegate next)
            {
                try
                {
                    if (context.User.Identity.IsAuthenticated)
                    {
                        // Negotiate already populated context.User; continue down the pipeline.
                        await next(context);
                    }
                    else
                    {
                        // Ask the browser for Windows credentials (401 + WWW-Authenticate: Negotiate).
                        await context.ChallengeAsync("Negotiate");
                    }
                }
                catch (InvalidOperationException) // this is for Windows/Negotiate sign out
                {
                    // Replace the authenticated user with an empty (unauthenticated) principal.
                    context.User = new System.Security.Claims.ClaimsPrincipal();
                }
            }
        }
    }
Here is my configuration of services:
    // Startup.cs; NegotiateDefaults requires `using Microsoft.AspNetCore.Authentication.Negotiate;`
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddRazorPages();
        services.AddServerSideBlazor();
        services.AddElasticsearch(Configuration);
        services.AddHttpContextAccessor();
        services.AddScoped<ValidateAuthentication>();
        services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
    }
The expected result is for the user to be signed out, but the actual result is that the user remains signed in.
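The post's own observation is that Negotiate has no server-side sign-out and that the app can only clear the principal locally. The following is an added example (not the asker's code) of what "locally" can mean in practice: the browser re-sends Windows credentials on every new request, so clearing `context.User` in one request changes nothing for the next one; instead, a hypothetical `LocalSignOutMiddleware` keeps an application-level "signed out" marker in a cookie and presents an anonymous principal while it is set. Cookie name, paths and class name are assumptions; the cookie only ever removes access the user already holds, so a client tampering with it gains nothing beyond their own Windows identity.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Hypothetical example middleware (not from the original post). Register it with
// services.AddScoped<LocalSignOutMiddleware>() and place app.UseMiddleware<LocalSignOutMiddleware>()
// AFTER app.UseAuthentication(), so context.User is already populated by Negotiate.
internal sealed class LocalSignOutMiddleware : IMiddleware
{
    private const string SignedOutCookie = "app.signedout"; // assumed cookie name

    public async Task InvokeAsync(HttpContext context, RequestDelegate next)
    {
        if (context.Request.Path.StartsWithSegments("/signout"))
        {
            // Record the local sign-out and send the browser to a page that allows anonymous access.
            context.Response.Cookies.Append(SignedOutCookie, "1", new CookieOptions
            {
                HttpOnly = true,
                Secure = true,
                SameSite = SameSiteMode.Strict,
                IsEssential = true
            });
            context.Response.Redirect("/signedout");
            return;
        }

        if (context.Request.Path.StartsWithSegments("/signin"))
        {
            // Explicit sign-in removes the marker; Negotiate authenticates the next request as usual.
            context.Response.Cookies.Delete(SignedOutCookie);
            context.Response.Redirect("/");
            return;
        }

        if (context.Request.Cookies.ContainsKey(SignedOutCookie))
        {
            // Negotiate already authenticated this request. Replace the principal with an
            // anonymous one (IsAuthenticated == false) so downstream code, including the
            // Blazor AuthenticationStateProvider created for the circuit, sees no user.
            context.User = new ClaimsPrincipal(new ClaimsIdentity());
        }

        await next(context);
    }
}
```

Because a Blazor Server circuit captures the user at circuit start, the sign-out and sign-in links must trigger a full page load (for example `NavigationManager.NavigateTo("/signout", forceLoad: true)`) rather than an in-circuit navigation.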