Failed to exit ASP.NET MVC application using FormsAuthentication.SignOut()

I am trying to implement exit functionality in ASP.NET MVC.

I am using Autodesk Forms for my project.

This is my exit code:

    FormsAuthentication.SignOut();
    Response.Cookies.Clear();
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        FormsAuthentication.FormsCookieName,
        DateTime.Today.AddYears(-1),
        DateTime.Today.AddYears(-2),
        true,
        string.Empty);
    Response.Cookies[FormsAuthentication.FormsCookieName].Value = FormsAuthentication.Encrypt(ticket);
    Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Today.AddYears(-2);
    return Redirect("LogOn");

This code redirects the user to the login screen. However, if I call the action method by specifying a name in the address bar (or select the previous link from the drop-down list of the address bar), I can still get to protected pages without logging in.

Can someone help me solve the problem?

+4
4 answers

This is strange... I make one call: FormsAuthentication.SignOut(); and it works...

    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        return Redirect("~/");
    }
+6

To correctly answer your question, I need to know how you protect your "secure" pages.
I suspect that there is something wrong with you.

A simple call to FormsAuthentication.SignOut() should be sufficient, since it clears the authentication cookie, thereby making the other method calls that you make there redundant.

With ASP.NET MVC, you must use AuthorizeAttribute in the action method to prevent unauthenticated users from using it. (Meaning: The old way you did this using web forms by specifying location tags in Web.config no longer works with MVC.)

For example, here is a small piece of code from my ForumController class:

    public class ForumController : Controller
    {
        ...

        [Authorize]
        public ActionResult CreateReply(int topicId)
        {
            ...
        }

        ...
    }
+1
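
Added example, not part of the answer above or the original page: the `[Authorize]` approach combined with a minimal logout action. The controller and action names are hypothetical, `[AllowAnonymous]` assumes ASP.NET MVC 4 or later, and the no-store cache setting assumes the "back button" symptom comes from a browser-cached copy of the page.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller: every action requires an authenticated user
// unless it is explicitly opened with [AllowAnonymous].
[Authorize]
public class AccountController : Controller
{
    [AllowAnonymous] // the login page must stay reachable without a ticket
    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]                  // logout changes state, so do not expose it as a GET link
    [ValidateAntiForgeryToken]  // the logout form must include @Html.AntiForgeryToken()
    public ActionResult LogOff()
    {
        // Adds an already-expired forms-auth cookie to the response so the
        // browser drops its copy. Do not clear Response.Cookies afterwards,
        // or that expired cookie is removed from the response again.
        FormsAuthentication.SignOut();

        // Drop server-side session state tied to the old login, if any.
        if (Session != null)
        {
            Session.Abandon();
        }

        return RedirectToAction("LogOn");
    }
}

// Hypothetical protected area. [Authorize] is what rejects anonymous requests;
// the cache setting is an assumption-based extra so that a page viewed before
// logout is re-requested (and re-checked) instead of being shown from cache.
[Authorize]
[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*")]
public class ReportsController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```

To verify the behaviour, log out and then request the protected URL directly: the response should be a redirect to the configured `loginUrl` rather than the page itself.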

The next question is related to the fact that this solution works for me

FormsAuthentication.SignOut() does not register the user

+1

This method works if you do not disable [comment] the following tags in the web.config file to easily test your web application.

    public ActionResult SignOut()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Home");
    }

web.config

    <authentication mode="Forms">
      <forms name="Your Project Name" defaultUrl="/" loginUrl="/Users/Login" timeout="43200" />
    </authentication>
    <location path="Administrator">
      <system.web>
        <authorization>
          <allow roles="Administrator" />
          <deny users="*" />
        </authorization>
      </system.web>
    </location>
    <location path="UserPanel">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>
0
