Re: Logout

From: [MSFT]Allen (yweng_at_online.microsoft.com)
Date: 04/25/03

  • Next message: dave: "Intranet Windows Auth and Forms" 
    Date: Fri, 25 Apr 2003 10:10:58 GMT

    What version of .NET Framework are you using? There is a bug with Signout()
    in beta builds. But it has already been fixed. Make sure that the page you
    are requesting denies access to the anonymous user in the web.config file:
    <authorization> <deny user=Ħħ?Ħħ /> </ authorization>. Also ensure that the
    cookie path in your application is set to "/".

    If the problem still exists, please try using the code snippet below rather
    than Signout()

                FormsAuthentication.Initialize();
                HttpContext context = HttpContext.Current;
                HttpCookie cookie = new
    HttpCookie(FormsAuthentication.FormsCookieName, "");
                cookie.Path = "/";
                cookie.Expires = new System.DateTime(1999, 10, 1);
                context.Response.Cookies.Add(cookie);

    HTH,
    -Allen

     
    Disclaimer:
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Got .Net? http://www.gotdotnet.com

    --------------------
    | From: "Ron Cicotte" <msnews@summerstreet.net>
    | References: <ege6kWPBDHA.28568@TK2MSFTNGP10.phx.gbl>
    <#G7fAuQBDHA.2376@TK2MSFTNGP10.phx.gbl>
    | Subject: Re: Logout
    | Date: Mon, 21 Apr 2003 18:01:23 -0400
    | Lines: 111
    |
    | Victor,
    |
    | I am using forms authentication and it seems to work fine except for the
    | FormsAuthentication.Signout(). I have a login page with the following
    code
    | in the Page_Load function:
    |
    | private void Page_Load(object sender, System.EventArgs e)
    |
    | {
    |
    | //utilities for managing database I/O
    |
    | Util=new vci_Utilities(this);
    |
    | if (!IsPostBack)
    |
    | {
    |
    | // check forms authentication and set isloggedin = true if the user is
    | logged in.
    |
    | LoginCookies();
    |
    | // auto logout when coming back to this page after logging in
    |
    | if(isLoggedIn)
    |
    | {
    |
    | FormsAuthentication.SignOut();
    |
    | isLoggedIn = false;
    |
    | Session.Abandon();
    |
    | Response.Redirect("Login.aspx",true);
    |
    | }
    |
    | Login_Show();
    |
    | }
    |
    | else
    |
    | {
    |
    | uid = Int32.Parse(ViewState["uid"].ToString());
    |
    | isLoggedIn = (bool)ViewState["IsLoggedIn"];
    |
    | }
    |
    | }
    |
    | LoginCookies tests to see if the user is logged in using the
    | Request.IsAuthenticated attribute and sets a page var (bool isLoggedIn)
    | based on the result. The problem is that the the SignOut() method is not
    | removing the authentication cookie as expected. Request.IsAuthenticated
    | always returns true. I have a watch on the IsAuthenticated attribute in
    my
    | VS debugger and it does not change after the Signout() method is invoked.
     I
    | test it immediately following the repost after redirection and it is still
    | true.
    |
    | What can I do?
    |
    | I have posted this elswhere in this newsgroup but this seemed an
    appropriate
    | place to bring it up again.
    |
    | Thanks for whatever advice you may have.
    |
    | -ron
    |
    |
    |
    | "Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com> wrote in message
    | news:#G7fAuQBDHA.2376@TK2MSFTNGP10.phx.gbl...
    | > Hi Brian,
    | >
    | > Take a look at the FormsAuthentication.SignOut method,
    | >
    | > --
    | > Victor Garcia Aprea
    | > Microsoft MVP | ASP.NET
    | >
    | > "Brian Morris" <brian@usd475.com> wrote in message
    | > news:ege6kWPBDHA.28568@TK2MSFTNGP10.phx.gbl...
    | > > I have an application that I am using FormsAuthentication on. I don't
    | > fully
    | > > understand the process and copied the code to make it work from a
    book.
    | > >
    | > > What I want to make is a Logout button that destroys their
    | authentication.
    | > > I would guess that this is pretty easy since using this authentication
    | > > method was pretty easy in the first place.
    | > >
    | > > Can someone please provide me with the syntax to make the application
    | > think
    | > > I am no longer authenticated. I don't want to have my client close
    | their
    | > > browser and am not sure that would work anyway. I haven't tried that
    | > > because I am still developing my app.
    | > >
    | > > tia,
    | > > -brian
    | > >
    | > >
    | >
    | >
    |
    |
    |

  • Next message: dave: "Intranet Windows Auth and Forms"