Logout from access control service with custom STS

攒了一身酷 2021-01-20 22:57

I'm using Windows Azure access control service with custom STS. I can log in to my application through ACS, but I have trouble with the logout function. I've tried this code in my

2 answers
  •  别那么骄傲
    2021-01-20 23:44

    I have created a helper method for doing FederatedSignout, with comments in the code for what I discovered along the way (hth)

    public static void FederatedSignOut(string reply = null)
    {
       WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
    
       // Native FederatedSignOut doesn't seem to have a way of finding/registering the realm for signout, get it from the FAM
       string wrealm = string.Format("wtrealm={0}", fam.Realm);
    
       // Create basic url for signout (wreply is set by native FederatedSignOut)
       string signOutUrl = WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(fam.Issuer, null, wrealm);
    
       // Check where to return, if not set ACS will use Reply address configured for the RP
       string wreply = !string.IsNullOrEmpty(reply) ? reply : (!string.IsNullOrEmpty(fam.Reply) ? fam.Reply : null);
    
       WSFederationAuthenticationModule.FederatedSignOut(new Uri(signOutUrl), !string.IsNullOrEmpty(wreply) ? new Uri(wreply) : null);
    
       // Remarks! Native FederatedSignOut has an option for setting signOutUrl to null, even if the documentation tells otherwise.
       // If set to null the method will search for signoutUrl in the session token, but I couldn't find any information about how to set this. Found some SharePoint code that uses this
       // Michele Leroux Bustamante had a code example (from 2010) that also uses this form.
       // Other examples create the signout url manually and call redirect.
    
       // FAM has support for wsignoutcleanup1.0 right out of the box, there is no need for code to handle this.
       // That makes it even harder to understand why there is no complete FederatedSignOut method in FAM
    
       // When using native FederatedSignOut() no events for signout will be called, if you need this use the FAM SignOut methods instead.
    }
    

    This code is used in a standard RP library we created for Web SSO with ACS.
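
The helper in the answer above passes its `reply` argument through as `wreply` unchanged. As an added example (not part of the answer or of the RP library it mentions), this is one way to restrict a caller-supplied reply to the RP's own origin before handing it to that helper. `SignOutReplyValidator`, `Resolve` and the example.com values are hypothetical, and the code assumes the realm is the RP's URL.

```csharp
using System;

// Added example, not from the answer: picks the wreply value that is safe to
// pass to the FederatedSignOut helper. All names here are hypothetical.
public static class SignOutReplyValidator
{
    // Returns the requested reply only when it is an absolute http(s) URL on
    // the same scheme, host and port as the RP realm. Otherwise falls back to
    // the configured reply; null means ACS uses the reply address configured
    // for the RP, as the answer's comment notes.
    public static string Resolve(string requestedReply, string realm, string configuredReply)
    {
        Uri realmUri;
        if (!Uri.TryCreate(realm, UriKind.Absolute, out realmUri))
            throw new ArgumentException("Realm must be an absolute URI.", "realm");

        Uri replyUri;
        if (!string.IsNullOrEmpty(requestedReply)
            && Uri.TryCreate(requestedReply, UriKind.Absolute, out replyUri)
            && (replyUri.Scheme == Uri.UriSchemeHttps || replyUri.Scheme == Uri.UriSchemeHttp)
            && replyUri.Scheme == realmUri.Scheme
            && string.Equals(replyUri.Host, realmUri.Host, StringComparison.OrdinalIgnoreCase)
            && replyUri.Port == realmUri.Port
            && string.IsNullOrEmpty(replyUri.UserInfo))
        {
            return replyUri.AbsoluteUri;
        }
        return string.IsNullOrEmpty(configuredReply) ? null : configuredReply;
    }

    public static void Main()
    {
        // Constructed sample values.
        const string realm = "https://rp.example.com/";
        const string configured = "https://rp.example.com/signedout";
        string[] candidates =
        {
            "https://rp.example.com/goodbye",            // same origin: accepted
            "https://other.example.net/landing",         // different host: rejected
            "http://rp.example.com/goodbye",             // scheme differs from realm: rejected
            "https://rp.example.com@other.example.net/", // host is other.example.net: rejected
            "/relative/path",                            // not an absolute http(s) URL: rejected
            null                                         // nothing requested: configured reply
        };
        foreach (string c in candidates)
            Console.WriteLine("{0,-45} -> {1}", c ?? "(null)", Resolve(c, realm, configured));
    }
}
```

In the answer's helper this would be called as `Resolve(reply, fam.Realm, fam.Reply)` in place of the `wreply` ternary.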
