I have implemented Azure Entra External Id. I am able to login and logout. In Program.cs file when i have configure Entra ID we are using Identity login and logout endpoints. I can't change code of that. I just want to have call to external api on pre-logout. Here is my program.cs file how can i make pre-logout call.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using System.IdentityModel.Tokens.Jwt;
var builder = WebApplication.CreateBuilder(args);
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
.EnableTokenAcquisitionToCallDownstreamApi(
[
builder.Configuration.GetSection("DownstreamApi:Scopes:Read").Get<string>()!,
builder.Configuration.GetSection("DownstreamApi:Scopes:Write").Get<string>()!
]
)
.AddDownstreamApi("DownstreamApi", builder.Configuration.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
builder.Services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).AddMicrosoftIdentityUI();
builder.Services.AddRazorPages();// Add services to the container.
builder.Services.AddControllersWithViews();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();
async Task TestMethodAsync(HttpContext context)
{
// Actual async work here
Console.WriteLine("Performing pre-logout actions");
await Task.Delay(1);
}
// This is what i have tried but not working
//builder.Services.ConfigureApplicationCookie(options =>
//{
// options.Events.OnSigningOut = async context =>
// {
// // Call your custom method here
// await TestMethodAsync(context.HttpContext);
// };
//});
Answer
You need to configure OnRedirectToIdentityProviderForSignOut
separately.
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
.EnableTokenAcquisitionToCallDownstreamApi(
[
builder.Configuration.GetSection("DownstreamApi:Scopes:Read").Get<string>()!,
builder.Configuration.GetSection("DownstreamApi:Scopes:Write").Get<string>()!
]
)
.AddDownstreamApi("DownstreamApi", builder.Configuration.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
// Configure the events separately
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SaveTokens = true;
options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
{
// Here you can make pre-logout external api calls.
// or you can make call to service which notify to external API's
await TestMethodAsync(context.HttpContext);
};
});