Re: Logout

From: [MSFT]Allen (yweng_at_online.microsoft.com)
Date: 04/25/03

  • Next message: dave: "Intranet Windows Auth and Forms"
    Date: Fri, 25 Apr 2003 10:10:58 GMT
    
    

    What version of .NET Framework are you using? There is a bug with Signout()
    in beta builds. But it has already been fixed. Make sure that the page you
    are requesting denies access to the anonymous user in the web.config file:
    <authorization> <deny user=Ħħ?Ħħ /> </ authorization>. Also ensure that the
    cookie path in your application is set to "/".

    If the problem still exists, please try using the code snippet below rather
    than Signout()

                FormsAuthentication.Initialize();
                HttpContext context = HttpContext.Current;
                HttpCookie cookie = new
    HttpCookie(FormsAuthentication.FormsCookieName, "");
                cookie.Path = "/";
                cookie.Expires = new System.DateTime(1999, 10, 1);
                context.Response.Cookies.Add(cookie);

    HTH,
    -Allen

     
    Disclaimer:
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Got .Net? http://www.gotdotnet.com

    --------------------
    | From: "Ron Cicotte" <msnews@summerstreet.net>
    | References: <ege6kWPBDHA.28568@TK2MSFTNGP10.phx.gbl>
    <#G7fAuQBDHA.2376@TK2MSFTNGP10.phx.gbl>
    | Subject: Re: Logout
    | Date: Mon, 21 Apr 2003 18:01:23 -0400
    | Lines: 111
    |
    | Victor,
    |
    | I am using forms authentication and it seems to work fine except for the
    | FormsAuthentication.Signout(). I have a login page with the following
    code
    | in the Page_Load function:
    |
    | private void Page_Load(object sender, System.EventArgs e)
    |
    | {
    |
    | //utilities for managing database I/O
    |
    | Util=new vci_Utilities(this);
    |
    | if (!IsPostBack)
    |
    | {
    |
    | // check forms authentication and set isloggedin = true if the user is
    | logged in.
    |
    | LoginCookies();
    |
    | // auto logout when coming back to this page after logging in
    |
    | if(isLoggedIn)
    |
    | {
    |
    | FormsAuthentication.SignOut();
    |
    | isLoggedIn = false;
    |
    | Session.Abandon();
    |
    | Response.Redirect("Login.aspx",true);
    |
    | }
    |
    | Login_Show();
    |
    | }
    |
    | else
    |
    | {
    |
    | uid = Int32.Parse(ViewState["uid"].ToString());
    |
    | isLoggedIn = (bool)ViewState["IsLoggedIn"];
    |
    | }
    |
    | }
    |
    | LoginCookies tests to see if the user is logged in using the
    | Request.IsAuthenticated attribute and sets a page var (bool isLoggedIn)
    | based on the result. The problem is that the the SignOut() method is not
    | removing the authentication cookie as expected. Request.IsAuthenticated
    | always returns true. I have a watch on the IsAuthenticated attribute in
    my
    | VS debugger and it does not change after the Signout() method is invoked.
     I
    | test it immediately following the repost after redirection and it is still
    | true.
    |
    | What can I do?
    |
    | I have posted this elswhere in this newsgroup but this seemed an
    appropriate
    | place to bring it up again.
    |
    | Thanks for whatever advice you may have.
    |
    | -ron
    |
    |
    |
    | "Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com> wrote in message
    | news:#G7fAuQBDHA.2376@TK2MSFTNGP10.phx.gbl...
    | > Hi Brian,
    | >
    | > Take a look at the FormsAuthentication.SignOut method,
    | >
    | > --
    | > Victor Garcia Aprea
    | > Microsoft MVP | ASP.NET
    | >
    | > "Brian Morris" <brian@usd475.com> wrote in message
    | > news:ege6kWPBDHA.28568@TK2MSFTNGP10.phx.gbl...
    | > > I have an application that I am using FormsAuthentication on. I don't
    | > fully
    | > > understand the process and copied the code to make it work from a
    book.
    | > >
    | > > What I want to make is a Logout button that destroys their
    | authentication.
    | > > I would guess that this is pretty easy since using this authentication
    | > > method was pretty easy in the first place.
    | > >
    | > > Can someone please provide me with the syntax to make the application
    | > think
    | > > I am no longer authenticated. I don't want to have my client close
    | their
    | > > browser and am not sure that would work anyway. I haven't tried that
    | > > because I am still developing my app.
    | > >
    | > > tia,
    | > > -brian
    | > >
    | > >
    | >
    | >
    |
    |
    |


  • Next message: dave: "Intranet Windows Auth and Forms"

    Relevant Pages

    • Re: How to disable the IE Back button
      ... If you are using Forms authentication it should not happen that, ... when you hit the back button it will ask for user name and password again. ... > our application when ever the user presses the SIGNOUT button. ... > Raghuraman(a drop in the ocean) ...
      (microsoft.public.dotnet.framework.aspnet)
    • Forms Authentication SignOut does not remove Cookie
      ... I am using forms authentication and it seems to work fine except for the ... // check forms authentication and set isloggedin = true if the user is ... LoginCookies tests to see if the user is logged in using the ... VS debugger and it does not change after the Signout() method is invoked. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Logout
      ... I am using forms authentication and it seems to work fine except for the ... // check forms authentication and set isloggedin = true if the user is ... VS debugger and it does not change after the Signout() method is invoked. ... > Victor Garcia Aprea ...
      (microsoft.public.dotnet.framework.aspnet.security)