Re: Logout

From: Ron Cicotte (msnews@summerstreet.net)
Date: 04/22/03


From: "Ron Cicotte" <msnews@summerstreet.net>
Date: Mon, 21 Apr 2003 18:01:23 -0400


Victor,

I am using forms authentication and it seems to work fine except for the
FormsAuthentication.Signout(). I have a login page with the following code
in the Page_Load function:

private void Page_Load(object sender, System.EventArgs e)

{

//utilities for managing database I/O

Util=new vci_Utilities(this);

if (!IsPostBack)

{

// check forms authentication and set isloggedin = true if the user is
logged in.

LoginCookies();

// auto logout when coming back to this page after logging in

if(isLoggedIn)

{

FormsAuthentication.SignOut();

isLoggedIn = false;

Session.Abandon();

Response.Redirect("Login.aspx",true);

}

Login_Show();

}

else

{

uid = Int32.Parse(ViewState["uid"].ToString());

isLoggedIn = (bool)ViewState["IsLoggedIn"];

}

}

LoginCookies tests to see if the user is logged in using the
Request.IsAuthenticated attribute and sets a page var (bool isLoggedIn)
based on the result. The problem is that the the SignOut() method is not
removing the authentication cookie as expected. Request.IsAuthenticated
always returns true. I have a watch on the IsAuthenticated attribute in my
VS debugger and it does not change after the Signout() method is invoked. I
test it immediately following the repost after redirection and it is still
true.

What can I do?

I have posted this elswhere in this newsgroup but this seemed an appropriate
place to bring it up again.

Thanks for whatever advice you may have.

-ron

"Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com> wrote in message
news:#G7fAuQBDHA.2376@TK2MSFTNGP10.phx.gbl...
> Hi Brian,
>
> Take a look at the FormsAuthentication.SignOut method,
>
> --
> Victor Garcia Aprea
> Microsoft MVP | ASP.NET
>
> "Brian Morris" <brian@usd475.com> wrote in message
> news:ege6kWPBDHA.28568@TK2MSFTNGP10.phx.gbl...
> > I have an application that I am using FormsAuthentication on. I don't
> fully
> > understand the process and copied the code to make it work from a book.
> >
> > What I want to make is a Logout button that destroys their
authentication.
> > I would guess that this is pretty easy since using this authentication
> > method was pretty easy in the first place.
> >
> > Can someone please provide me with the syntax to make the application
> think
> > I am no longer authenticated. I don't want to have my client close
their
> > browser and am not sure that would work anyway. I haven't tried that
> > because I am still developing my app.
> >
> > tia,
> > -brian
> >
> >
>
>



Relevant Pages

  • Re: Logout
    ... What version of .NET Framework are you using? ... There is a bug with Signout() ... | I am using forms authentication and it seems to work fine except for the ... | // check forms authentication and set isloggedin = true if the user is ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Forms Authentication SignOut does not remove Cookie
    ... I am using forms authentication and it seems to work fine except for the ... // check forms authentication and set isloggedin = true if the user is ... LoginCookies tests to see if the user is logged in using the ... VS debugger and it does not change after the Signout() method is invoked. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How to disable the IE Back button
    ... If you are using Forms authentication it should not happen that, ... when you hit the back button it will ask for user name and password again. ... > our application when ever the user presses the SIGNOUT button. ... > Raghuraman(a drop in the ocean) ...
    (microsoft.public.dotnet.framework.aspnet)