How to Expires access token on sign out?

runrunrun · ‎11-22-2016

Hi,

I developed MVC application that login using login.windows.net page, see this code

            var responseUri = GetResponseUri();
            var @params = new NameValueCollection
            {
                {"response_type", "code"},
                {"client_id", clientId},
                {"resource", powerbiapiUrl},
                {"redirect_uri", responseUri}
            };
            var queryString = HttpUtility.ParseQueryString(string.Empty);
            queryString.Add(@params);
            string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
            return Redirect($"{authorityUri}?{queryString}");

When the user successfully login, the response treated using this code

            var responseUri = GetResponseUri();
            string code = Request["code"];
            // Get auth token from auth code       
            TokenCache tokenCache = new TokenCache();
            AuthenticationContext authenticationContext = new AuthenticationContext(authorityUri, tokenCache);

            ClientCredential clientCredential = new ClientCredential (               clientId, clientSecret );

            AuthenticationResult authenticationResult;
            try
            {
                authenticationResult = await authenticationContext.AcquireTokenByAuthorizationCodeAsync(code,                    new Uri(responseUri), clientCredential);
            }
            catch (Exception)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            }

            if (authenticationResult == null)
                return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
            //Set Session "access_token" 
            Session["access_token"] = authenticationResult.AccessToken;
            //Redirect back to Home
            return RedirectToAction("Index", "Home");

The problem is user can't sign out using this link "https://login.windows.net/common/oauth2/logout".

When user press back the authenticationResult.AccessToken automatically filled with the previous token without prompting the user login

It will be strange to login 2 times ( login to web app then login again to access the power bi report)

Thanks.

Eric_Zhang · ‎11-25-2016

@runrunrun
I don't get the problem "user can't sign out", maybe something to do with the azure ad authentication?

runrunrun · ‎11-25-2016

Thanks for replying.

Okay, let me try to explain with some code.

  public ActionResult Index()
        {
            if (Session["access_token"] == null)
                return RedirectToAction("Index", "Admin");
         
            return View();
        }

First my app check if there is "access_token" in session, if there is not it will redirect to this link

https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=8c8xxxx-blah-blah-8f4....

It will prompt the user to login using their account, then it fill Session["access_token"] with the token from authenticationResult.AccessToken; so they can see power bi reports in my apps. Then there is logout button (see the code below)

 public ActionResult Logout()
        {
            Session.Abandon();
            Session["access_token"] = null;
            return Redirect("https://login.windows.net/common/oauth2/logout");
        }

But if they press back button (go back one page), user still can see the reports. After I debug it, the authenticationContext.AcquireTokenByAuthorizationCodeAsync not prompting user to login again, it automatically filled Session["access_token"] with the token.

I'm not using Azure AD. I registered my app via https://dev.powerbi.com/apps.

Hope you can understand my problem (and my english). Thanks :).

How to Expires access token on sign out?

Helpful resources

Fabric Community Update - July 2025

Power BI Monthly Update - July 2025

Party with Power BI’s own Guy in a Cube

How to Expires access token on sign out?

Helpful resources

Fabric Community Update - July 2025

Power BI Monthly Update - July 2025