Question
I have successfully implemented claims authentication into my project.
As shown here:
var userCredentials = new[] {
    new Claim("UserId", userProfile.UserId.ToString()),
    new Claim("Username", userProfile.UserName)
};
var id = new ClaimsIdentity(userCredentials, "Forms");
var cp = new ClaimsPrincipal(id);
var token = new SessionSecurityToken(cp);
var sam = FederatedAuthentication.SessionAuthenticationModule;
sam.WriteSessionTokenToCookie(token);
Which is working correctly. The issue I'm trying to resolve is signing that user out. I have the following class, which is called when the user presses Sign Out:
public static void SignOut()
{
    FormsAuthentication.SignOut();
}
Which didn't seem to log the user out, so I went on a Google search and tried the following:
FederatedAuthentication.SessionAuthenticationModule.SignOut();
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();
Neither of them work either. What could I possibly be doing wrong?
This is my config:
<configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<system.web>
    <authentication mode="Forms">
        <forms loginUrl="/User/Login" timeout="2880" />
    </authentication>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" maxRequestLength="1048576" />
</system.web>
<modules>
    <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</modules>
Any help would be appreciated.
Update
I've just tried the following:
FormsAuthentication.SignOut();
Session.Abandon();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
// clear session cookie (not necessary for your current problem but I would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
And redirected to the FAQ page, but I can still see links in the navigation which should only be shown if the user is authenticated.
Answer 1:
Managed to get this working!!
I now use
var sam = FederatedAuthentication.SessionAuthenticationModule;
sam.DeleteSessionTokenCookie();
Then I do a redirect and it works as expected :)
Source: https://stackoverflow.com/questions/29724713/signout-of-claims-authentication
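
The sign-out flow from the answer above, written out as an ASP.NET MVC action to show why the redirect matters. This is an added example, not code from the original post; the `AccountController` name and the redirect target (taken from `loginUrl="/User/Login"` in the question's config) are assumptions.

```csharp
using System.IdentityModel.Services;
using System.Security.Principal;
using System.Threading;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller name; only the sign-out action is shown.
public class AccountController : Controller
{
    [HttpPost]
    public ActionResult SignOut()
    {
        // Delete the cookie that WriteSessionTokenToCookie() issued at login.
        // This only queues an expired cookie on the *response*.
        var sam = FederatedAuthentication.SessionAuthenticationModule;
        sam.DeleteSessionTokenCookie();

        // Also drop the Forms ticket and server-side session state, in case
        // anything else in the application still relies on them.
        FormsAuthentication.SignOut();
        if (Session != null)
        {
            Session.Abandon();
        }

        // The principal for the current request was built from the cookie
        // before this action ran, so User.Identity.IsAuthenticated is still
        // true here. Reset it so nothing rendered later in this request
        // treats the caller as signed in.
        var anonymous = new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);
        HttpContext.User = anonymous;
        Thread.CurrentPrincipal = anonymous;

        // Redirect so the browser makes a fresh request without the cookie.
        // Rendering a view directly from this action would still show the
        // authenticated navigation links, which is the symptom in the question.
        return RedirectToAction("Login", "User");
    }
}
```

Deleting the cookie only removes it from the browser; a copy of the cookie captured earlier remains acceptable to the server until the session token's own lifetime expires, so keep that lifetime short.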