2

I have tried every way possible, but I am still not able to logout the current user. Currently I have the following code:

_authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

        string sKey = (string)HttpContext.Current.Session["user"];
        string sUser = Convert.ToString(HttpContext.Current.Cache[sKey]);
        HttpContext.Current.Cache.Remove(sUser);
        HttpContext.Current.Session.Clear();
        HttpContext.Current.Response.Cookies.Clear();
        HttpContext.Current.Request.Cookies.Clear();
        HttpContext.Current.Session.Abandon();

After this, the session is still not cleared. Any ideas?

Authentication startup:

  app.UseCookieAuthentication(new CookieAuthenticationOptions
           {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

SignIn Code:

    public override ApplicationUser Handle([NotNull]LoginCommand command)
    {
        var user = _userManager.Find(command.Login, command.Password);
        if (user == null)
        {
            throw new RentalApplicationValidationException("No valid login");
        }

        _authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
        var identity = _userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
        _authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);

        return user;
    }
Improve this question
7
  • what is your sign-in code look like? and Authentication startup configuration? Commented Apr 12, 2016 at 0:05
  • Thanks for you reply. See edit in my post. Commented Apr 12, 2016 at 7:34
  • Actual SignOut looks OK, but you are talking about session. Identity does not use session for authentication, only cookies. Do you have other code that uses session for auth? Commented Apr 12, 2016 at 10:42
  • No, I am not using it anywhere else. What is noticed is when I trigger the signout method directly in my Controller, everything works. When triggering the signout method from my command, it's not working. Commented Apr 12, 2016 at 11:00
  • 1
    Possible duplicate of ASP.Net Identity Logout Commented Apr 27, 2017 at 11:19

2 Answers 2

Reset to default
0

You need to call the SignOut within the AuthenticationManager I see you are trying above but are you getting it from the Owin context

try the below at the end of your code.

var authetication = HttpContext.Current.GetOwinContext().Authentication;
authentication.SignOut();

Another way is to clear the cookie (i have seen again you tried this above but try it with just the AuthCookie) by setting the year by -1.. it seems when you Session.Abandon() the cookie is still there and same with FormsAuthentication.SignOut().. try something like this at the end of your code:

HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "");
authCookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(authCookie);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I am using autofac to register all managers from Asp.net identity like this: builder.Register(c => HttpContext.Current.GetOwinContext().Authentication) .As<IAuthenticationManager>() .InstancePerRequest(); When I resolve this in my command, I am not able to logout. When I request the authenticatonmanager via GetOwinContext in my controller directly, it works. How can I make it work in my command?
0

You need to call

HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.