Logout from access control service with custom STS

攒了一身酷 2021-01-20 22:57

I'm using Windows Azure Access Control Service with custom STS. I can log in to my application through ACS, but I have trouble with the logout function. I've tried this code in my

2 Answers
  •  伪装坚强ぢ
    2021-01-20 23:44

    The December 2012 update of ACS includes support for federated single sign-out:

    Using the WS-Federation protocol. Web applications that use ACS to enable single sign-on (SSO) with identity providers using the WS-Federation protocol can now take advantage of single sign out capabilities. When a user signs out of a web application, ACS can automatically sign the user out of the identity provider and out of other relying party applications that use the same identity provider.

    This feature is enabled for WS-Federation identity providers, including Active Directory Federation Services 2.0 and Windows Live ID (Microsoft account). To enable single sign out, ACS performs the following tasks for WS-Federation protocol endpoints:

    • ACS recognizes wsignoutcleanup1.0 messages from identity providers and responds by sending wsignoutcleanup1.0 messages to relying party applications.

    • ACS recognizes wsignout1.0 and wreply messages from relying party applications and responds by sending wsignout1.0 messages to identity providers and wsignoutcleanup1.0 messages to relying party applications.

    From the Code Sample: ASP.NET MVC 4 with Federated Sign-out, implement an Action like this to sign out from ACS:

    (Note that Windows Identity Foundation is now incorporated into the .NET 4.5 Framework, which is why the new namespaces are used below.)

    using System;
    using System.Configuration;               // ConfigurationManager
    using System.IdentityModel.Services;
    using System.IdentityModel.Services.Configuration;
    using System.Linq;                        // Last()
    using System.Web.Mvc;                     // ActionResult, Controller.Redirect
    
    // Action method; place it inside an MVC controller class.
    public ActionResult Logout()
    {
        // Load Identity Configuration
        FederationConfiguration config = FederatedAuthentication.FederationConfiguration;
    
        // Get wtrealm from WsFederationConfiguration Section
        string wtrealm = config.WsFederationConfiguration.Realm;
        string wreply;
    
        // Construct wreply value from wtrealm (This will be the return URL to your app)
        if (wtrealm.Last().Equals('/'))
        {
            wreply = wtrealm + "Logout";
        }
        else
        {
            wreply = wtrealm + "/Logout";
        }
    
        // Read the ACS Ws-Federation endpoint from web.Config
        // something like "https://.accesscontrol.windows.net/v2/wsfederation"
        string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"];
    
        // Build the wsignout1.0 request addressed to the ACS endpoint
        SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint));
    
        signoutRequestMessage.Parameters.Add("wreply", wreply);
        signoutRequestMessage.Parameters.Add("wtrealm", wtrealm);
    
        // End the local session before redirecting to ACS
        FederatedAuthentication.SessionAuthenticationModule.SignOut();
    
        string signoutUrl = signoutRequestMessage.WriteQueryString();
    
        return this.Redirect(signoutUrl);
    }
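
The sign-out redirect described in the answer above can also be composed and checked without WIF types. This is an added example, not code from the original answer or from the Microsoft code sample; the class `WsFedSignOut`, its method names, the sample host names, and the rule that `wreply` must stay under the realm are assumptions made for illustration.

```csharp
using System;

// Added example: hypothetical helper, not part of WIF or the ACS code sample.
public static class WsFedSignOut
{
    // Builds the wa=wsignout1.0 redirect URL; wreply is resolved against the realm.
    public static string BuildSignOutUrl(string issuerEndpoint, string realm, string replyPath)
    {
        Uri realmUri = new Uri(realm.EndsWith("/") ? realm : realm + "/");
        Uri replyUri = new Uri(realmUri, replyPath);

        // Assumed policy: the return URL must keep the realm's scheme, host and
        // port and stay under its path, so inputs such as "//other.example/x"
        // or "../../x" cannot turn sign-out into a redirect away from the app.
        bool sameServer = Uri.Compare(realmUri, replyUri, UriComponents.SchemeAndServer,
            UriFormat.UriEscaped, StringComparison.OrdinalIgnoreCase) == 0;
        bool underRealm = replyUri.AbsolutePath.StartsWith(realmUri.AbsolutePath, StringComparison.Ordinal);
        if (!sameServer || !underRealm)
            throw new ArgumentException("wreply must stay under the realm", "replyPath");

        return string.Format("{0}?wa=wsignout1.0&wreply={1}&wtrealm={2}", issuerEndpoint,
            Uri.EscapeDataString(replyUri.AbsoluteUri), Uri.EscapeDataString(realm));
    }

    // Returns the value of the wa parameter (wsignout1.0, wsignoutcleanup1.0, ...) or null.
    public static string GetAction(Uri requestUrl)
    {
        foreach (string pair in requestUrl.Query.TrimStart('?').Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "wa") return Uri.UnescapeDataString(kv[1]);
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the page.
        string issuer = "https://example-namespace.accesscontrol.windows.net/v2/wsfederation";
        string url = BuildSignOutUrl(issuer, "https://app.example/site", "Logout");
        Console.WriteLine(url);
        Console.WriteLine(GetAction(new Uri(url)));
        try { BuildSignOutUrl(issuer, "https://app.example/site", "//other.example/x"); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```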
    
