Channel: Azure Active Directory forum
Viewing all 16000 articles
Browse latest View live

Azure AD Connect - Synchronization Service Installation fails


Hello everyone,
We have a problem installing Azure AD Connect on a Windows Server 2019. When installing the synchronization service an error occurs. This is a first-time installation on a brand new server (only AD DS, DNS and DHCP have been installed).
In the Azure AD Connect installation wizard we use the express settings. The AD DS Enterprise Admin credentials and the Azure AD Global Admin credentials are correct. A service user account is successfully auto-generated during the installation.
We do not know or understand why the synchronization service installation fails.
Parts of the logs (originally in German) are attached...

[14:06:53.576] [ 21] [INFO ] Starting Sync Engine installation
[14:06:57.425] [ 21] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Object reference not set to an instance of an object.  Please see the event log for additional details. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.AccountManagementAdapter.RemoveMembersFromLocalGroup(SecurityIdentifier groupSid, DirectoryEntry[] members)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.<>c__DisplayClass54_0.<RemoveFromLocalAdministratorsGroup>b__0()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)

AzureActiveDirectorySyncEngine Error: 906 : SynchronizationServiceSetupTask:InstallCore - Caught unexpected exception. Details System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
   at System.DirectoryServices.Protocols.LdapConnection.Connect()
   at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.GetPrincipal(Boolean isDomainController, AccountManagementAdapter localAccountManagementAdapter, AccountManagementAdapter& domainAccountManagementAdapter)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.SyncServiceAccount.ResolveSid(Boolean isDomainController)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
AzureActiveDirectorySyncEngine Error: 906 : SyncServiceAccount:RemoveAccountRights - no SidString available
AzureActiveDirectorySyncEngine Information: 904 : SyncServiceAccount:RemoveFromLocalAdministratorsGroup:
AzureActiveDirectorySyncEngine Information: 904 : Starting: Removing the Sync Service account from the local Administrators group...
AzureActiveDirectorySyncEngine Error: 906 : Object reference not set to an instance of an object.
...Please help.
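The inner exception in the log is the actual failure: the installer's call to PrincipalContext(ContextType.Domain, ...) could not reach an LDAP server (PrincipalServerDownException / "The LDAP server is unavailable"), so ResolveSid produced no SID ("no SidString available") and the later cleanup step that removes the service account from the local Administrators group dereferenced a null. As an added example (not from the post and not the installer's own code), this PowerShell script repeats that directory lookup outside the wizard, after first checking which domain controller DNS points the server at and whether it answers on the LDAP, LDAPS and Kerberos ports. The domain name comes from the environment; run it on the server where Azure AD Connect is being installed.

```powershell
# Added example: reproduce the installer's domain lookup and check DC reachability first.
# Assumption: the server is domain-joined, so $env:USERDNSDOMAIN holds the domain FQDN.
param(
    [string]$DomainFqdn = $env:USERDNSDOMAIN
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-LdapEndpoint {
    # TCP connect test to one port on one DC (Test-NetConnection -Port ships with Windows Server 2012 R2+)
    param([string]$ComputerName, [int]$Port = 389)
    $r = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Host = $ComputerName; Port = $Port; TcpOpen = $r.TcpTestSucceeded }
}

function Test-DomainPrincipalContext {
    # Same constructor as in the stack trace: PrincipalContext(ContextType, String name).
    # It throws PrincipalServerDownException when no DC answers LDAP for that name.
    param([string]$Domain)
    try {
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
            [System.DirectoryServices.AccountManagement.ContextType]::Domain, $Domain)
        [pscustomobject]@{ Domain = $Domain; Connected = $true;  ConnectedServer = $ctx.ConnectedServer; Error = $null }
    } catch {
        [pscustomobject]@{ Domain = $Domain; Connected = $false; ConnectedServer = $null; Error = $_.Exception.GetBaseException().Message }
    }
}

# 1. Which DCs does DNS advertise for this domain, and do they answer on LDAP (389), LDAPS (636), Kerberos (88)?
#    On a fresh server that is itself the only DC, this SRV record must resolve to that server.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop |
       Where-Object { $_.QueryType -eq 'SRV' } | Select-Object -ExpandProperty NameTarget
foreach ($dc in $dcs) {
    foreach ($port in 389, 636, 88) { Test-LdapEndpoint -ComputerName $dc -Port $port }
}

# 2. The directory lookup the installer performs before it can resolve the sync service account's SID
Test-DomainPrincipalContext -Domain $DomainFqdn
```

If step 1 resolves no DC or the ports are closed, the installer cannot succeed regardless of the credentials entered in the wizard; if step 2 returns Connected = $false, the error text is the same one the installer hit, now reproducible with the fix-and-retry loop outside the wizard.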

OAuth 2.0 on Azure API Management


Hello 
I tried to generate Azure API Management for a function on an Azure Function App and it works fine, but I need to apply OAuth 2.0 for security. I went to OAuth 2.0 on the portal and put in these values:

Client registration page URL: https://placeholder.contoso.com

Authorization grant types: Authorization code

Authorization endpoint: https://login.microsoftonline.com/********/oauth2/authorize

Token endpoint: https://login.microsoftonline.com/********/oauth2/token

Authorization request method: GET

Client authentication methods: In the body

Client credentials: *******
Client ID: *******

and at the end I saved. I need to know what I need to change to make authentication work.

Thank you
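Registering an OAuth 2.0 authorization server in API Management, as described in the post, only tells the developer portal's test console how to obtain a token for the API. The gateway itself does not look at the Authorization header until the API carries a validate-jwt policy. As an added example (not from the post, and not a configuration the post shows), this PowerShell script attaches such a policy with the Az.ApiManagement module. The resource group, service name, API id, tenant id and audience are placeholders; the OpenID configuration URL and issuer match the v1 endpoints (/oauth2/authorize, /oauth2/token) used in the post.

```powershell
# Added example: enforce Azure AD bearer tokens at the APIM gateway with validate-jwt.
# All five values below are placeholders, not values from the post.
$ResourceGroup = 'rg-placeholder'
$ServiceName   = 'apim-placeholder'
$ApiId         = 'function-api'
$TenantId      = '00000000-0000-0000-0000-000000000000'
$Audience      = 'api://00000000-0000-0000-0000-000000000000'   # the API's app ID URI (or its client id)

# The v1 OpenID configuration document publishes the signing keys APIM uses to check the token
# signature; the issuer for v1 tokens is https://sts.windows.net/<tenant>/.
$policy = @"
<policies>
  <inbound>
    <base />
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized" require-scheme="Bearer">
      <openid-config url="https://login.microsoftonline.com/$TenantId/.well-known/openid-configuration" />
      <audiences>
        <audience>$Audience</audience>
      </audiences>
      <issuers>
        <issuer>https://sts.windows.net/$TenantId/</issuer>
      </issuers>
    </validate-jwt>
  </inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
  <on-error><base /></on-error>
</policies>
"@

Connect-AzAccount | Out-Null
$ctx = New-AzApiManagementContext -ResourceGroupName $ResourceGroup -ServiceName $ServiceName
# Scope: the API. Use -OperationId as well to limit the policy to one operation.
Set-AzApiManagementPolicy -Context $ctx -ApiId $ApiId -Policy $policy
```

After this, a request without a valid Azure AD token for the stated audience gets a 401 from the gateway before the function app is called. The audience must be the one the token was issued for: a token requested for Microsoft Graph, for example, fails this check even though it was issued by the same tenant.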

Azure Active Directory Enterprise Application IdP SAML2 Single Sign Out


Hi, I'm using Azure AD as a third party Identity Provider for a SAML SSO enabled enterprise application. I have configured the application in AD as a non-gallery application and configured the SAML2 SSO properties. SSO login is working as expected, but SSO logout is not working correctly. Azure AD correctly logs out when requested and returns a SAML logout success response:

<samlp:LogoutResponse ID="123XXX" Version="2.0" IssueInstant="2019-09-02T10:09:51.778Z" Destination="xxx/saml2/logout" InResponseTo="123YYY" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/abcdef/</Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
</samlp:LogoutResponse>

This logout SAML response is made as a GET request, but my service provider requires a POST request. There seems to be no option in the Azure AD admin interface to specify that the Logout URL is a POST, and when I upload the service provider metadata to configure the application SSO SAML2 properties, although the metadata specifies the logout endpoint should be POST, Azure AD ignores this and still uses a GET request.

The SP metadata xml includes the following (specifying logout endpoint should be HTTP-POST):

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2020-05-31T15:00:00Z" cacheDuration="PT604800S" entityID="abcdef">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <snip/>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="xxx/saml2/logout" />
    <snip/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

The Azure documentation doesn't specify if the LogoutResponse is sent as GET or POST, or indeed how to configure this:

https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-out-saml-protocol#logoutresponse

Can the LogoutResponse be configured to use a POST request instead of a GET request?
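The two bindings differ in more than the HTTP verb: with HTTP-Redirect the SAMLResponse query parameter is DEFLATE-compressed, base64-encoded and URL-encoded, while with HTTP-POST the SAMLResponse form field is plain base64 of the XML. As an added example (not from the post), this PowerShell script builds the redirect-binding parameter from the LogoutResponse quoted above, decodes it the way the service provider side has to, and pulls out the fields the SP should check (InResponseTo, Destination, Issuer, Status). The LogoutResponse XML is the one from the post, reused here as constructed input; the encode step stands in for what the IdP does and is only there so the decode step has something to run on.

```powershell
# Added example: HTTP-Redirect vs HTTP-POST encoding of a SAML LogoutResponse, and SP-side checks.
$logoutResponseXml = @'
<samlp:LogoutResponse ID="123XXX" Version="2.0" IssueInstant="2019-09-02T10:09:51.778Z" Destination="xxx/saml2/logout" InResponseTo="123YYY" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/abcdef/</Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
</samlp:LogoutResponse>
'@

function ConvertTo-RedirectBindingParam {
    # IdP side of HTTP-Redirect: raw DEFLATE (no zlib header) -> base64 -> URL-encode
    param([string]$Xml)
    $ms = New-Object System.IO.MemoryStream
    $ds = New-Object System.IO.Compression.DeflateStream($ms, [System.IO.Compression.CompressionMode]::Compress, $true)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Xml)
    $ds.Write($bytes, 0, $bytes.Length); $ds.Dispose()
    [uri]::EscapeDataString([Convert]::ToBase64String($ms.ToArray()))
}

function ConvertFrom-RedirectBindingParam {
    # SP side of HTTP-Redirect: URL-decode -> base64-decode -> inflate
    param([string]$Param)
    $raw = [Convert]::FromBase64String([uri]::UnescapeDataString($Param))
    $in  = New-Object System.IO.MemoryStream(,$raw)
    $ds  = New-Object System.IO.Compression.DeflateStream($in, [System.IO.Compression.CompressionMode]::Decompress)
    $out = New-Object System.IO.MemoryStream
    $ds.CopyTo($out); $ds.Dispose()
    [System.Text.Encoding]::UTF8.GetString($out.ToArray())
}

function Get-LogoutResponseSummary {
    # The fields an SP must compare against the LogoutRequest it sent before treating logout as done
    param([string]$Xml)
    $doc = [xml]$Xml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol')
    $ns.AddNamespace('saml',  'urn:oasis:names:tc:SAML:2.0:assertion')
    $resp = $doc.SelectSingleNode('/samlp:LogoutResponse', $ns)
    [pscustomobject]@{
        InResponseTo = $resp.GetAttribute('InResponseTo')   # must equal the ID of the SP's LogoutRequest
        Destination  = $resp.GetAttribute('Destination')    # must equal the SP's SingleLogoutService Location
        Issuer       = $resp.SelectSingleNode('saml:Issuer', $ns).InnerText
        Status       = $resp.SelectSingleNode('samlp:Status/samlp:StatusCode', $ns).GetAttribute('Value')
    }
}

# What the SP receives on the redirect: GET <logout-url>?SAMLResponse=<param>[&SigAlg=...&Signature=...]
$param   = ConvertTo-RedirectBindingParam -Xml $logoutResponseXml
$decoded = ConvertFrom-RedirectBindingParam -Param $param
Get-LogoutResponseSummary -Xml $decoded

# For comparison, the HTTP-POST form field is base64 of the XML with no DEFLATE step:
$postField = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($logoutResponseXml))
```

A signed redirect-binding response carries its signature in separate SigAlg and Signature query parameters, computed over the query string rather than inside the XML; the summary above does not verify that signature, so an SP that accepts redirect-bound responses must add that check before acting on Status.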

Sync on-premises to AAD problem - users on AAD are the same as on-premises - it creates a second user on AAD - local users can't log on!!! HELP!


Hello -

I have gone round and round with this. No resolution so far.

I have configured AD Connect for password sync with write back.

I have an on-premises Server 2012 R2 with a dozen users. It has a non-routable domain suffix, so I added the public domain suffix into the local trusted domains. It is now available as a drop-down in the user accounts.

When the system syncs, there are duplicate UPNs, of course. So if I change the user logon to the public domain name, no one can log on locally at all. Evidently the passwords are syncing, but that is pretty useless if no one can log on.

Is there any way to connect  both the user accounts on Azure with the local user accounts outside of recreating everything? The local AD users have redirected folders and other customizations. This is making me nuts. I have to stop the sync so that everyone can use their computers on the local domain again. 

Any help would be greatly appreciated.

THANKS!


Configure AAD Sync Error


Hi all

I had successful connectivity between my domain controller and AAD; after reinstalling my domain (on-premises) this message appears. I checked my MFA in Azure and portal.office365 and all is disabled.

What is the problem? My tenant is comunidadwindows10.onmicrosoft.com

Octavio Rdz thanks in advance

Is there any way to add multiple events on an Outlook calendar?

Is there any way to add multiple events on an Outlook calendar using Microsoft Graph? I am able to add one event at a time.

How does AAD administrators group get created?


How does AAD administrators group get created?  Is there a link for this process?

How do we create a manual Azure AD (not the managed Azure AD DS)?

We will also be extending the on-premises original AD DS into the cloud by creating additional DCs in the cloud. Will we need to reconfigure the original AD DS DCs which are in the cloud to sync with Azure AD DCs?

Wondering if the following order of configuration is correct?

1) Create AD name and Azure AD users.

2) Create VM, then add it to the original domain.

3) Install the AD DS tools feature on the VM.

4) Install AD Connect to sync Azure AD to the original (on-premises) domain.

5) Wait for Azure AD users to sync.

6) Add AAD DC Administrators as local admin to the VM created in the previous steps.

dsk

Adding UPN suffix in order to use Azure AD Connect


Hi there,

I'll ask this as succinctly as possible; I can provide more detail if needed. Our main DC is on Server 2012 if that is of any consequence to this topic. 

Our AD domain is "company.local". Our public domain (and our O365 email domain) is "companyinc.com". As such our local users are "company\username" and our email identities are "username@companyinc.com". 

My internal domain is not routable, so I can't use Azure AD Connect without making some changes. 

It seems like I can add a UPN suffix named "companyinc.com" and configure each user to use the domain including the suffix. I've researched and it seems that there will be no user-facing consequences. We use no SSO or federated services. 

I have not been able to find answers for the following:

  1. Will my internal domain now look like "company.companyinc.com"? Will usernames inclusive of the domain change from "company\username" to "company.companyinc\username?" I feel dumb asking this: what happens to the .local? 
  2. Will there be any consequences with email? e.g. will O365 want to authenticate user@company.companyinc.com? 

Thanks for reading and for any advice you may have.
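The duplicate-UPN post above (cloud accounts created a second time, local logons broken once the UPN was changed) and this UPN-suffix question come down to the same two on-premises steps, shown here as one added PowerShell example that is not from either post. (a) Register the routable suffix on the forest and move the users' UPNs onto it; this changes only the UPN attribute, so the NetBIOS name and the company\username logon stay as they are and nothing about .local is renamed. (b) Compute the value Azure AD Connect uses to pair an on-premises user with an existing cloud user (ImmutableId, the base64 form of the AD objectGUID) and stamp it on the cloud account before the first sync cycle, so the existing cloud user is matched rather than duplicated. The suffixes come from the post; the OU, the -WhatIf guard and the MSOnline connection are assumptions.

```powershell
# Added example: UPN suffix change plus hard match of existing cloud users, before enabling AAD Connect.
Import-Module ActiveDirectory

$OldSuffix  = 'company.local'                  # from the post
$NewSuffix  = 'companyinc.com'                 # from the post
$SearchBase = 'OU=Staff,DC=company,DC=local'   # assumption

# (a) Forest-level UPN suffix, then per-user UPN. sAMAccountName (company\username) is untouched.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -SearchBase $SearchBase -Properties mail
foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $NewSuffix
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf   # remove -WhatIf to apply
}

# (b) Hard match: the sourceAnchor AAD Connect derives from objectGUID, as the cloud ImmutableId
function Get-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Set-CloudUserHardMatch {
    # Pairs an existing cloud-only user with its on-premises object. Needs Connect-MsolService first.
    # The cloud UPN should equal the new on-premises UPN so the sync also agrees on UPN.
    param([Parameter(Mandatory)]$AdUser, [string]$CloudUpn)
    $id = Get-ImmutableId -ObjectGuid $AdUser.ObjectGUID
    if (-not $CloudUpn) { $CloudUpn = '{0}@{1}' -f $AdUser.SamAccountName, $NewSuffix }
    Set-MsolUser -UserPrincipalName $CloudUpn -ImmutableId $id
    [pscustomobject]@{ OnPrem = $AdUser.DistinguishedName; Cloud = $CloudUpn; ImmutableId = $id }
}

# Usage once the UPNs are applied:
#   Connect-MsolService
#   $users | ForEach-Object { Set-CloudUserHardMatch -AdUser $_ }
```

Do the matching before the sync is (re)enabled: once AAD Connect has already created a second, synced copy of a user, the duplicate has to be removed from Azure AD before the ImmutableId can be set on the original cloud account. Mail is unaffected by the UPN change as long as the users' proxy addresses already carry the companyinc.com address.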


We are using the /me API from Graph API to get the logged-in user but we are getting an exception, i.e. Resource not found with a random ID


Hi,


We are using the /me API from Graph API to get the logged-in user but we are getting an exception, i.e. Resource not found with a random ID.



How to delete saved Bitlocker recovery keys from Azure AD device objects?


I use Azure AD and Intune, which automatically encrypt my AAD joined devices with Bitlocker and back up the recovery keys to Azure AD, accessible from the Azure AD device objects. 

That is great, but I can't seem to find any button to delete these keys after hard drive changes, re-imaging, decryption/re-encryption etc., which cause additional recovery keys to be uploaded but the old ones not automatically removed.

This causes duplicate/stale keys on some devices. I understand that it is easy to tell which keys are good via the Bitlocker drive ID, but I'd imagine there should be a way to remove them if needed without deleting the entire device object.

Any information on this would be greatly appreciated.

Intune Company Portal error: Your organization has deleted this device. To fix this, contact your system administrator and provide the error code 700003.


I have recently started getting this error. It's very annoying because it means I have to re-sign in all the time.

As far as I can tell the device *is* properly registered in Company Portal.

  • If I load up my Azure AD profile I can see the device.
  • If I go into Company Portal modern app it says my device has access.
  • If I go into Settings -> Accounts it says "Connected to MDM"

I have tried dsregcmd /join from the SYSTEM command prompt but that hasn't done anything.

dsregcmd /status says:

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : YES
          WorkAccountCount : 2
             WamDefaultSet : NO

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
       AzureAdPrtAuthority : NO
             EnterprisePrt : NO
    EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| Work Account 1                                                       |
+----------------------------------------------------------------------+

         WorkplaceDeviceId : ***
       WorkplaceThumbprint : ***
              WorkplaceIdp : login.windows.net
         WorkplaceTenantId : ***
       WorkplaceTenantName : ***
           WorkplaceMdmUrl :
      WorkplaceSettingsUrl :
                    NgcSet : NO

+----------------------------------------------------------------------+
| Work Account 2                                                       |
+----------------------------------------------------------------------+

         WorkplaceDeviceId : ***
       WorkplaceThumbprint : ***
              WorkplaceIdp : login.windows.net
         WorkplaceTenantId : ***
       WorkplaceTenantName : ***
           WorkplaceMdmUrl :
      WorkplaceSettingsUrl :
                    NgcSet : NO

+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+

            IsDeviceJoined : NO
             IsUserAzureAD : NO
             PolicyEnabled : YES
          PostLogonEnabled : YES
            DeviceEligible : YES
        SessionIsNotRemote : YES
            CertEnrollment : none
              PreReqResult : WillNotProvision
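The dsregcmd output above already tells the story in its fields: the device is not Azure AD joined (AzureAdJoined : NO), the user profile holds two workplace (Azure AD registered) accounts (WorkAccountCount : 2), and there is no PRT, so single sign-on cannot work. As an added example (not from the post), this PowerShell script parses dsregcmd /status into its sections and reports those facts in a form a script can act on, including the WorkplaceDeviceId values that an admin would compare against the device objects still present in Azure AD for error 700003. The embedded sample is a trimmed copy of the post's output with constructed GUIDs in place of the masked values; the script uses live dsregcmd output when it is available.

```powershell
# Added example: parse dsregcmd /status and summarise the device/user identity state.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
                    NgcSet : NO
           WorkplaceJoined : YES
          WorkAccountCount : 2
             WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
+----------------------------------------------------------------------+
| Work Account 1                                                       |
+----------------------------------------------------------------------+
         WorkplaceDeviceId : 11111111-1111-1111-1111-111111111111
              WorkplaceIdp : login.windows.net
+----------------------------------------------------------------------+
| Work Account 2                                                       |
+----------------------------------------------------------------------+
         WorkplaceDeviceId : 22222222-2222-2222-2222-222222222222
              WorkplaceIdp : login.windows.net
'@   # constructed sample (GUIDs are placeholders); the post's real values were masked

function ConvertFrom-DsregStatus {
    # Returns an ordered dictionary: section title -> hashtable of "Key : Value" pairs
    param([string[]]$Lines)
    $result = [ordered]@{}; $section = $null
    foreach ($line in $Lines) {
        if ($line -match '^\|\s*(.+?)\s*\|$') { $section = $Matches[1]; $result[$section] = @{}; continue }
        if ($section -and $line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*)$') { $result[$section][$Matches[1]] = $Matches[2].Trim() }
    }
    $result
}

function Get-DeviceIdentitySummary {
    param($Status)
    $accounts = $Status.Keys | Where-Object { $_ -like 'Work Account *' } | ForEach-Object {
        [pscustomobject]@{ Account = $_; DeviceId = $Status[$_]['WorkplaceDeviceId']; Idp = $Status[$_]['WorkplaceIdp'] }
    }
    [pscustomobject]@{
        AzureAdJoined      = $Status['Device State']['AzureAdJoined'] -eq 'YES'
        WorkplaceJoined    = $Status['User State']['WorkplaceJoined'] -eq 'YES'
        HasPrt             = $Status['SSO State']['AzureAdPrt'] -eq 'YES'
        WorkplaceDeviceIds = @($accounts.DeviceId)   # check each against the tenant's device list; a missing one is the stale registration
    }
}

# Prefer live output; fall back to the embedded sample so the parser runs anywhere
$text   = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) { dsregcmd /status } else { $sample -split "`r?`n" }
$status = ConvertFrom-DsregStatus -Lines $text
Get-DeviceIdentitySummary -Status $status
```

On the sample this reports AzureAdJoined False, WorkplaceJoined True, HasPrt False and two device ids. Note that the dsregcmd /join attempt mentioned in the post targets Azure AD join (the Device State section), which is a different registration from the per-user workplace accounts that Company Portal uses and that the 700003 error refers to.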

Getting Error While connecting to MSOL Service


Hi All,

I have the below script 

$user = "XXXX@XXX.com"
# Password embedded in the script as plaintext (straight quotes; the original used typographic quotes)
$sspw = ConvertTo-SecureString 'XXXXXXX' -AsPlainText -Force

$PlainCred = New-Object System.Management.Automation.PSCredential $user, $sspw

Connect-MsolService -Credential $PlainCred

Getting the Below error, Not sure why any advice

connect-Msolservice : An error occurred while sending the request.
At line:1 char:1
+ connect-Msolservice -credential $PlainCred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], HttpRequestException
    + FullyQualifiedErrorId : System.Net.Http.HttpRequestException,Microsoft.Online.Administration.Automation.ConnectM
   solService
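HttpRequestException from Connect-MsolService is raised before any credential is checked, so the credential object is not what is being rejected. A common cause is the PowerShell session negotiating TLS 1.0/1.1 against an endpoint that requires TLS 1.2, which surfaces as exactly this generic "An error occurred while sending the request". As an added example (not from the post), this script makes the same connection with TLS 1.2 forced for the session and with the credential prompted for instead of stored as plaintext in the script file. Connect-MsolService and Get-MsolCompanyInformation are real MSOnline cmdlets; the UPN is a placeholder.

```powershell
# Added example: same Connect-MsolService call with TLS 1.2 forced and no plaintext password in the file.

# -bor keeps any protocols already enabled in this process and adds TLS 1.2 to them
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

Import-Module MSOnline -ErrorAction Stop

# Prompt instead of ConvertTo-SecureString on a literal; the password never lands in the script or its history
$cred = Get-Credential -UserName 'admin@contoso.onmicrosoft.com' -Message 'Azure AD admin credential'   # placeholder UPN

# -Credential only works for accounts without MFA; for MFA-protected admins call Connect-MsolService
# with no parameters to get the interactive sign-in.
Connect-MsolService -Credential $cred

# A cheap call that proves the session is authenticated
Get-MsolCompanyInformation | Select-Object DisplayName, DirectorySynchronizationEnabled
```

If the connection still fails with the same message after forcing TLS 1.2, the next things to rule out are an outbound proxy that the session is not using (check [Net.WebRequest]::DefaultWebProxy) and a firewall blocking login.microsoftonline.com.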

Is it possible to revoke user permissions by removing him from the Azure AD Security Group after he signs in?


An AD Group is assigned a role (say Reader for a particular Subscription) and then a member (user) is added to the group.

Now when user logs in to Azure Portal, he gets assigned the same role as the group to which he belongs. Say after signing in to portal, I remove him from the group (by calling API or through CLI), why don't his permissions get revoked?

Azure AD authentication issue


Hi,

For our internal web application, we are using Outlook authentication for our users to log in to our application. We are using Azure AD authentication with username and password, which was implemented in Java.

Recently all our users were enabled with MFA at the organizational level, due to which we are getting the below error:

Could you please let us know how we can enable this MFA authentication through Java code? Attached is our code used for doing the authentication using username and password.

 @@@@@@@  Inside authenticate  method
log4j:WARN No appenders could be found for logger (com.microsoft.aad.adal4j.UserDiscoveryRequest).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
 @@@@@@@ Inside authenticate  exception
java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AdalClaimsChallengeException: {"error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.\r\nTrace ID: f779f750-4c0f-41d3-96f7-cb2cbe8b3b00\r\nCorrelation ID: a08d809e-4e61-44fa-954c-7c707ccec013\r\nTimestamp: 2019-09-03 06:55:36Z","error":"interaction_required","error_uri":"https:\/\/login.microsoftonline.com\/error?code=50076"}
at java.util.concurrent.FutureTask.report(Unknown Source)
at java.util.concurrent.FutureTask.get(Unknown Source)
at org.kony.kpal.auth.impl.MSOAuthProvider.authenticate(MSOAuthProvider.java:50)
at org.kony.kpal.auth.impl.MSOAuthProvider.main(MSOAuthProvider.java:91)
Caused by: com.microsoft.aad.adal4j.AdalClaimsChallengeException: {"error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.\r\nTrace ID: f779f750-4c0f-41d3-96f7-cb2cbe8b3b00\r\nCorrelation ID: a08d809e-4e61-44fa-954c-7c707ccec013\r\nTimestamp: 2019-09-03 06:55:36Z","error":"interaction_required","error_uri":"https:\/\/login.microsoftonline.com\/error?code=50076"}
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:124)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:928)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Inside main exception
javax.security.auth.login.LoginException: com.microsoft.aad.adal4j.AdalClaimsChallengeException: {.\r\nTrace ID: f779f750-4c0f-41d3-96f7-cb2cbe8b3b00\r\nCorrelation ID: a08d809e-4e61-44fa-954c-7c707ccec013\r\nTimestamp: 2019-09-03 06:55:36Z","error":"interaction_required","error_uri":"https:\/\/login.microsoftonline.com\/error?code=50076"}

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.security.auth.login.LoginException;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

// AUTHORITY_URL, RESOURCE and CLIENT_ID are constants defined elsewhere in the poster's class.
public static String authenticate(String USERNAME, String PASSWORD) throws LoginException {
    String name = "";
    AuthenticationContext context;
    AuthenticationResult result = null;
    ExecutorService service = null;
    try {
        System.out.println(" @@@@@@@  Inside authenticate  method");
        service = Executors.newFixedThreadPool(1);
        context = new AuthenticationContext(AUTHORITY_URL, false, service);
        // Username/password (resource owner password credentials) grant. This is the call that
        // fails with AADSTS50076 / interaction_required once MFA is enforced for the user,
        // because a password alone can no longer satisfy the sign-in policy.
        Future<AuthenticationResult> future = context.acquireToken(RESOURCE, CLIENT_ID, USERNAME, PASSWORD, null);
        result = future.get();
        String token = result.getAccessToken();
        name = result.getUserInfo().getGivenName();
        // System.out.println("AUTH success result.toString" + result.toString());
        System.out.println(" @@@@@@@  AUTH success TOKEN ==" + token);   // prints a bearer token to the log
        System.out.println(" @@@@@@@ AUTH success name == " + name);
    } catch (Exception e) {
        System.out.println(" @@@@@@@ Inside authenticate  exception");
        e.printStackTrace();
        throw new LoginException(e.getMessage());
    } finally {
        if (service != null) {
            service.shutdown();
        }
    }
    return name;
}

Account problem for migrated user from local AD to Azure AD


Hi all, 

I have two types of the Azure AD users, migrated users which is migrated from local AD to Azure AD and the other type is the users that created directly on the Azure AD.

My core problem is with the migrated users! These users get locked and reset password does not work. I mean the migrated users have to wait 15 minutes and then the account unlocks!

BR


Saeid.ADZ


Utilizing SSO for an External Application for B2C Users


I've got a B2C tenant created and would like to allow the users in my B2C tenant to SSO to an external application (I don't manage or host). The external application has support for setting up SSO using SAML.

https://stackoverflow.com/questions/47324231/how-to-configure-sso-for-azure-ad-b2c implies that you could set this up the same way you would on a normal AD instance, via creating a Non-Gallery Enterprise Application. However if I try and do that it says that I need a premium Azure license to create the Enterprise Application. I was not successful in trying to acquire a premium license and am thinking maybe that's because this is a B2C AD instance maybe it is not even possible to get a premium license for a B2C AD instance. Before pursuing further, is it possible to get a premium license for a B2C AD instance and if so, would getting that allow me to setup the SSO to the external application? 


Is it not possible to migrate a domain service from one subscription to another?


Hello Team,

We have an Azure Active Directory Domain Services instance enabled with an LDAP service on our Azure. Now the subscription this service is attached to has expired and we are trying to migrate all the resource groups attached to the Domain Services and LDAP to our new subscription, but we are getting an error of the form "resource move is not supported for resource type "Microsoft.AAD/DomainService" (Code: ResourceMovedNotSupported)".

My question now is: is it not possible to migrate a domain service from one subscription to another?

Please, how can we resolve the error?

Modifying the User Groups Synchronized from On-Premise AD

Hi Friends,
 
I have synchronized users and user groups from my on-premises AD to Azure AD.

As you all know, user groups synced from on-premises AD have their "Source" as "Windows Server AD", while user groups created in Azure AD have their "Source" as "Cloud".

I can add/remove users to/from any user group created in Azure AD, while I am not able to add/remove users to/from user groups synced from on-premises AD.

Why is it so?

And users or user groups created in Azure AD are not synchronized back into on-premises AD.

My question is: is the synchronization bi-directional, i.e. from Azure AD to on-premises AD and vice versa, or does it happen in just one direction, i.e. on-premises AD to Azure AD?
 
 Many Thanks

Single Sign-On menu item missing from non-gallery app


Hi,

I'm trying to implement a non-gallery app with single sign-on over SAML2 and in every tutorial it says to go under "enterprise apps" -> select the app -> under "manage" click "single sign-on", but the menu item is missing.

What are the prerequisites to use this? I already activated the Azure Premium P2 trial, as I read you need this for SAML.

Can someone give me a pointer? Thanks!


Cookies not clearing on sign out


Hi,

I'm using this code to sign out of my ASP.net Website.

// Sign-out action in the poster's AccountController (OWIN OpenID Connect + cookie middleware)
public void SignOut()
{
    string callbackUrl = Url.Action("SignOutCallback", "Account", routeValues: null, protocol: Request.Url.Scheme);

    // Signs out of the OIDC middleware (redirect to the Azure AD end-session page, then back to callbackUrl)
    // and of the local cookie middleware, which is what should clear the application's session cookie
    HttpContext.GetOwinContext().Authentication.SignOut(
        new AuthenticationProperties { RedirectUri = callbackUrl },
        OpenIdConnectAuthenticationDefaults.AuthenticationType,
        CookieAuthenticationDefaults.AuthenticationType);
}

It is running in an Azure App Service/App Registration using the AD from my Azure domain to authenticate the user.

The entire project is based off the template provided in Visual Studio 2019 when you select New Project/ASP.NET Web Application, select Work or School Accounts and Cloud - Single Organisation for authentication, and select my domain from my Azure account.

The problem is when you select Sign Out on my web page, this code runs and you see the Microsoft page to log the user out but when I browse back to my website I am still logged in. It doesn't seem to clear the cookie from the browser.

Thanks in advance for the help. 
