Best IT Recipes

Page.User.Identity.IsAuthenticated is still true after FormsAuthentication.SignOut ()

I have a page, when you click "log off", it is redirected to the login.aspx page, which has a Page_Load method that calls FormsAuthentication.SignOut() .

The "log out" link is displayed on the main page in the upper right corner of the screen, and it displays it provided that Page.User.Identity.IsAuthenticated is true . However, after going through the code, this hanging method does not automatically set IsAuthenticated to false , which is very annoying, any ideas?

+61
c # forms-authentication
Oct 29 '10 at 10:18
source share
7 answers

Page.User.Identity.IsAuthenticated gets its value from Page.User (obviously), which, unfortunately, is read-only and is not updated when FormsAuthentication.SignOut() called.

Fortunately, Page.User retrieves the value from Context.User , which can be changed:

 // HttpContext.Current.User.Identity.IsAuthenticated == true; FormsAuthentication.SignOut(); HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), null); // now HttpContext.Current.User.Identity.IsAuthenticated == false // and Page.User.Identity.IsAuthenticated == false

This is useful when you log out of the current user and want to respond to the actual page without the need for redirection. You can check IsAuthenticated where necessary in a single page request.

+98
Apr 10 '13 at 14:21
source share

A person is checked only once per request. After ASP.NET determines whether they are authenticated or not, this will not change for the rest of this request.

For example, when someone logs in. When you set auth cookies to indicate that they are logged in, if you check if they are checked on the same request, it will return false , but on the next request, it will return true . The same thing happens when you register someone. They are still authenticated throughout this request, but the next time they will no longer authenticate. Therefore, if the user clicks the link to log out, you must log them out of the system and then redirect to the login page.

+12
May 26 '11 at 19:12
source share

I remember that I had a similar problem, and I decided that I solved it, the forms authentication cookie expired during exit:

 FormsAuthentication.SignOut(); Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddYears(-1);
+6
Oct 29 '10 at 11:51 on
source share

Why do you execute exit code in login.aspx?

Put this code, for example. logout.aspx:

 FormsAuthentication.SignOut() Session.Abandon() FormsAuthentication.RedirectToLoginPage() HttpContext.Current.ApplicationInstance.CompleteRequest() return

IsAuthenticated will be false in login.aspx. The login and logout code is now split: Single Responsibility.

+4
Dec 06 '16 at 9:30
source share

In your login.aspx method, Page_Load:

 if (!this.IsPostBack) { if (HttpContext.Current.User.Identity.IsAuthenticated) { FormsAuthentication.SignOut(); Response.Redirect(Request.RawUrl); } }
+1
May 16 '11 at 8:51
source share

In one of my applications, when I log into the system with credentials, going to the various forms in the application, I copied one of the URLs of my navigation form and then left the application. in the search tab, I inserted a URL where the browser goes to a specific form in my application without logging in. when validating form authentication, when page.User.Identity.IsAuthenticated becomes true even when page.User.Identity.IsAuthenticated out. The reasons for this is to clear the session upon logout, which I added

 Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now.AddYears(-1);

with this i don't get this problem again and the page.User.Identity.IsAuthenticated flag becomes false when we go to different forms in the application without logging in.

+1
Jul 26 '19 at 5:57
source share

Update

I received comments that my answer did not work with many people. I wrote this answer back in 2011 after a rupture of my hearing. Therefore, I am sure that he solved the problem.

I began to study this 6-year-old problem and came to this solution , which, I believe, may be the right way to delete cookies that are created by them, but with expired dates.



It works for me

 public virtual ActionResult LogOff() { FormsAuthentication.SignOut(); foreach (var cookie in Response.Cookies.AllKeys) { Response.Cookies.Remove(cookie); } return RedirectToAction(MVC.Home.Index()); }
0
May 26 '11 at 19:06
source share


More articles:


All Articles