26

How to logout an user logged in with the ASP.Net Identity system?

I tried:

Authentication.SignOut();

But if I use this and then call an API marked with [Authorize] (adding the token as an header) It still returns me the data (instead of Unauthorized).

Improve this question
1
  • Did you add specific users or groups that can use this resource? Commented Dec 21, 2013 at 0:54

2 Answers 2

Reset to default
47

You need to call SignOut on the AuthenticationManager which you can get from the OWIN context.

var AuthenticationManager= HttpContext.GetOwinContext().Authentication;
AuthenticationManager.SignOut();
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

just a quick fix: it should include Current: HttpContext.Current.GetOwinContext().Authentication
If you're inside an ASP.NET MVC controller you've got an instance property HttpContext from the base class, so you don't need HttpContext.Current in that scenario.
@MatthewWalton true, but if you are in let's say your custom HttpModule, then you certainly need HttpContext.Current...
Presumably this is pre .Net Core. Any idea how to do it in Core?
@Auspex just tried out some methods, in my case the SignOutAsync() Method of the SingInManager class worked
|
1

In my case, because i had Authorize attribute in my AccountController with admin role at class level i had to put [AllowAnonymous] attribute to my logout method. May be a solution to you too.

Improve this answer

1 Comment

you could get an exception if an anonymous user tried to logout having the url. You should make a role only as a flag to a logged user. Same role to index logged user.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.