4

I am building an application in ASP.NET MVC with Windows authentication. I need a way to log out the logged-in user so that a new user can log into the same application without having to close the browser. For this, I found a neat solution, which is as below:

public ActionResult LogOut()
{
    HttpCookie cookie = Request.Cookies["TSWA-Last-User"];

    if(User.Identity.IsAuthenticated == false || cookie == null || StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value))
    {
        string name = string.Empty;

        if(Request.IsAuthenticated)
        {
            name = User.Identity.Name;
        }

        cookie = new HttpCookie("TSWA-Last-User", name);
        Response.Cookies.Set(cookie);

        Response.AppendHeader("Connection", "close");
        Response.StatusCode = 0x191; // 0x191 == 401 Unauthorized
        Response.Clear();
        //should probably do a redirect here to the unauthorized/failed login page
        //if you know how to do this, please tap it on the comments below
        Response.Write("Unauthorized. Reload the page to try again...");
        Response.End();

        return RedirectToAction("Index");
    }

    cookie = new HttpCookie("TSWA-Last-User", string.Empty)
    {
        Expires = DateTime.Now.AddYears(-5)
    };

    Response.Cookies.Set(cookie);

    return RedirectToAction("Index");

}

The problem with this approach, however, is that the same user cannot log in again. It always needs to be a different user from the current one.

I am thinking I should be able to do this by changing the if clause. I tried removing the StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value) condition as well, but it fails to work since the cookie value could be not null.

Sairaj
  • Hi Ala. Sorry to reply so late. I finally discovered that login using the same user credentials is not possible. It does not even work in SharePoint. – Sairaj Sep 04 '15 at 11:15

1 Answer

0

Please, check this post! It worked for me!

https://stackoverflow.com/a/3889441

Just in case, I'm pasting the code here:

@Palantir said:

That's strange... I make one single call to: FormsAuthentication.SignOut(); and it works...

public ActionResult Logout() {
  FormsAuthentication.SignOut();
  return Redirect("~/");
}
lmoglia
  • The above will work in case of Forms Authentication. What we are dealing with here is Windows Authentication. Both are different beasts. – Sairaj Oct 21 '15 at 09:29
  • Hi! Oh! Sorry for my wrong answer! I was dealing with forms authentication problems for a while and I just wanted to share my solution, but I omitted that little detail. So, in searching for the solution to the question here, I found that unfortunately there is no way to log out with Windows authentication: "No server-side logout button will work when using "Windows" authentication. You must use "Forms" authentication if you want a logout button, or close the user's browser." http://stackoverflow.com/questions/1067263/asp-net-windows-authentication-logout Sorry for my bad English! =/ – lmoglia Oct 28 '15 at 14:16