0

I'm using windows login in asp.net to login in users however when it comes to the logoff it not working so properly. When click close it takes me to the HTTP Error 401.2 - Unauthorized page if I click cancel it gives me this Unauthorized. Reload the page to try again... Is there a way I could just redirect the user or give them a link to click so it brings them back to home page. And if I sign in as the same user that was logged in before the pop up box continues to show until I enter another user. So what if the same user wants to login again? I have done some research but nothing seems to work.

 public ActionResult SignInAsDifferentUser()
    {

        HttpCookie cookie = Request.Cookies["TWCL-Last-User"];

        if (User.Identity.IsAuthenticated == false || cookie == null || StringComparer.OrdinalIgnoreCase.Equals(base.User.Identity.Name, cookie.Value))
        {

            string name = string.Empty;
            if (Request.IsAuthenticated)
            {
                name = this.User.Identity.Name;
            }

            cookie = new HttpCookie("TWCL-Last-User", name);
           Response.Cookies.Set(cookie);

            Response.AppendHeader("Connection", "close");
            Response.StatusCode = 401;
            Response.Clear();

            Response.Write("Unauthorized. Reload the page to try again..."); 
            Response.End();
            return RedirectToAction("SignInAsDifferentUser");
        }

        cookie = new HttpCookie("TWCL-Last-User", string.Empty)
        {
            Expires = DateTime.Now.AddYears(-5)
        };
        base.Response.Cookies.Set(cookie);

        return RedirectToAction("Index");
    }
  • How is this working, exactly? Is this a LAN environment with a Windows Domain (i.e. NTLM or LDAP/Kerberos) or over the Internet? How is your authentication set-up configured? Are you using IIS' "Windows Authentication" options or ASP.NET's own? What Windows authentication store are you targeting? How are clients' authentication identities provided, processed and persisted? If you're using Windows Authentication (which doesn't use cookies but uses the HTTP `Authorization` header) then why are you using cookies in your code? – Dai Feb 08 '18 at 00:51
  • @Dai Wanted to give the user to login with a difderent user. It is iis windows authentication –  Feb 08 '18 at 01:06
  • You cannot "logout" of Windows Authentication, unfortunately: https://stackoverflow.com/questions/1067263/asp-net-windows-authentication-logout – Dai Feb 08 '18 at 01:08
  • I dont want to log the user to log out but log in as differrent and than when the user closes the window and get this error HTTP Error 401.2 - Unauthorized page just them go back to main page –  Feb 08 '18 at 01:34
  • Thats not possible with windows login? –  Feb 08 '18 at 01:35
  • Correct, it is not possible with IIS Windows Authentication. – Dai Feb 08 '18 at 02:25
  • So no function could be written to allow a user to be able to sign in as a different user using the pop up box –  Feb 08 '18 at 02:32
  • @Dai there's other way –  Feb 08 '18 at 04:36

0 Answers0