
FormsAuthentication.SignOut() does not work

I'm developing a website with a secure part, that is the folder named 'PIP'.

The login part works okay, but when I click logoff the user is still known and won't be redirected to the login page if he/she touches the secure part.

Here is my web.config:

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
    </forms>
  </authentication>
</system.web>

<location path="PIP">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

My login page where the user is authenticated:

FormsAuthentication.RedirectFromLoginPage(uid, false);

The default.aspx page in the secured folder (PIP) has a logoff button; the code behind that button is:

FormsAuthentication.SignOut();
Response.Redirect("~/Default.aspx", true);

On the page "Default.aspx" there is a link that goes to ~/PIP/Default.aspx; it should redirect to the login page, but it does not. It seems the session is not affected by the signout.

I've tried a lot of options: manually deleting the sessions, Session.Clear, Session.Abandon, but nothing seems to be working.

I hope you guys can point me in right direction!

Thanks in advance.

Falcko asked Jul 30 '12 09:07




1 Answer

You need to abandon the session after signing out.

FormsAuthentication.SignOut();
Session.Abandon();
Response.Redirect("~/Default.aspx", true);
David Anderson answered Sep 22 '22 14:09
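A fuller logout handler for the setup the question shows (forms cookie named .ASPXFORMSAUTH, protected folder PIP, redirect to ~/Default.aspx), added here as an example; it is not code from the question or the answer. It assumes a code-behind class PipDefault with a handler btnLogoff_Click, a Global.asax class named Global, and an in-process LogoutRegistry helper; none of those names are on the page. Beyond what the answer does, it expires the two cookies explicitly, sends no-cache headers so a cached copy of ~/PIP/Default.aspx cannot be shown after logout, and covers the point the answer leaves out: FormsAuthentication.SignOut() only tells the browser to drop the cookie, the ticket inside stays valid until its own expiry and the server keeps no list of issued tickets, so a copied cookie replays. The Global.asax part refuses any ticket issued before the user's most recent logout.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Assumed helper, not on the page: in-process store of each user's last logout time.
// A real deployment would back this with a database or cache shared by all web
// servers; this dictionary is per process and is lost on application restart.
public static class LogoutRegistry
{
    private static readonly ConcurrentDictionary<string, DateTime> LastLogout =
        new ConcurrentDictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);

    public static void Record(string userName, DateTime when) { LastLogout[userName] = when; }

    public static bool TryGet(string userName, out DateTime when)
    {
        return LastLogout.TryGetValue(userName, out when);
    }
}

// Code-behind for ~/PIP/Default.aspx (assumed class and handler names).
public partial class PipDefault : Page
{
    protected void btnLogoff_Click(object sender, EventArgs e)
    {
        // Remember when this user logged out so older tickets can be refused later.
        // FormsAuthenticationTicket.IssueDate is local time, hence DateTime.Now.
        if (User.Identity.IsAuthenticated)
        {
            LogoutRegistry.Record(User.Identity.Name, DateTime.Now);
        }

        // Tells the browser to drop the forms-authentication cookie. This is all
        // SignOut() does; the ticket in that cookie is still valid until it expires.
        FormsAuthentication.SignOut();

        // Discard server-side session state. Abandon() leaves the ASP.NET_SessionId
        // cookie on the client, so it is expired explicitly below.
        Session.Clear();
        Session.Abandon();

        // Overwrite both cookies with already-expired ones. The forms cookie name
        // (".ASPXFORMSAUTH") and path come from the <forms> element in web.config.
        ExpireCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.FormsCookiePath);
        ExpireCookie("ASP.NET_SessionId", "/");

        // Stop browsers and proxies from serving a cached copy of this protected
        // page (for example via the Back button) after logout.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));

        // Leave the protected folder; endResponse = true stops further page processing.
        Response.Redirect("~/Default.aspx", true);
    }

    private void ExpireCookie(string name, string path)
    {
        var cookie = new HttpCookie(name, string.Empty)
        {
            Expires = DateTime.UtcNow.AddYears(-1),
            HttpOnly = true,
            Path = path
        };
        Response.Cookies.Add(cookie);
    }
}

// Global.asax code-behind (assumed): refuse any ticket issued before the user's
// most recent logout. Without a check like this a copied .ASPXFORMSAUTH cookie
// keeps working after SignOut(), because the server keeps no record of tickets.
public class Global : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null)
        {
            return;
        }

        DateTime lastLogout;
        if (LogoutRegistry.TryGet(identity.Name, out lastLogout) && identity.Ticket.IssueDate < lastLogout)
        {
            // Stale ticket: clear the cookie and downgrade the request to anonymous,
            // so <deny users="?" /> on the PIP folder sends it back to Login.aspx.
            FormsAuthentication.SignOut();
            Context.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
        }
    }
}
```

Pair this with the web.config: set requireSSL="true" and a short timeout on the <forms> element, and add <httpCookies httpOnlyCookies="true" requireSSL="true" /> under <system.web>, so the cookie is never sent in the clear or readable from script and the window in which a leaked ticket can be replayed is bounded.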