4

I am building an application in ASP.NET MVC with windows authentication. I need a way to logout the logged in user such that a new user can log into the same application without having to close the browser. For this, I found a neat solution which is as below:

public ActionResult LogOut()
{
    HttpCookie cookie = Request.Cookies["TSWA-Last-User"];

    if(User.Identity.IsAuthenticated == false || cookie == null || StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value))
    {
        string name = string.Empty;

        if(Request.IsAuthenticated)
        {
            name = User.Identity.Name;
        }

        cookie = new HttpCookie("TSWA-Last-User", name);
        Response.Cookies.Set(cookie);

        Response.AppendHeader("Connection", "close");
        Response.StatusCode = 0x191;
        Response.Clear();
        //should probably do a redirect here to the unauthorized/failed login page
        //if you know how to do this, please tap it on the comments below
        Response.Write("Unauthorized. Reload the page to try again...");
        Response.End();

        return RedirectToAction("Index");
    }

    cookie = new HttpCookie("TSWA-Last-User", string.Empty)
    {
        Expires = DateTime.Now.AddYears(-5)
    };

    Response.Cookies.Set(cookie);

    return RedirectToAction("Index");

}

The problem with this approach however is that the same user cannot login again. It always needs to be a different user to the current one.

I am thinking I should be able to do this this by changing the if clause. I tried removing the StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value) condition as well but it fails to work since cookie value could be not null.

Improve this question
1
  • Hi Ala. Sorry to reply so late. I finally discovered that login using the same user credentials is not possible. It does not even work in SharePoint. Commented Sep 4, 2015 at 11:15

1 Answer 1

Reset to default
0

Please, check this post! It worked for me!

https://stackoverflow.com/a/3889441

Just in case, i'm pasting here the code:

@Palantir said:

That's strange... I make one single call to: FormsAuthentication.SignOut(); and it works...

public ActionResult Logout() {
  FormsAuthentication.SignOut();
  return Redirect("~/");
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The above will work in case of Forms Authentication. What we are dealing with here is Windows Authentication. Both are different beasts.
Hi! Oh! Sorry for my wrong answer! I was dealing with authentication forms problems during a while and i just wanted to share my solution but i have omited that little detail. So, in searching for the solution to the question here, i found that unfortunatelly there is no way to logout with windows authentications "No server-side logout button will work when using "Windows" authentication. You must use "Forms" authentication if you want a logout button, or close the user's browser." stackoverflow.com/questions/1067263/… Sorry for my bad english! =/

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.