My project is based on the MVC 5 project template from Visual Studio 2013 (individual user account option). I have been relying on the default Sign In and Sign Out method for my users. But I'm not sure what I did, at some point, users cannot sign out anymore, however they can sign in as another user.
This is the default Logoff method of Account Controller
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
AuthenticationManager.SignOut();
return RedirectToAction("Index", "Home");
}
private IAuthenticationManager AuthenticationManager
{
get
{
return HttpContext.GetOwinContext().Authentication;
}
}
This is the default _LoginPartial.cshtml View that shows user's username.
@using Microsoft.AspNet.Identity
@if (Request.IsAuthenticated)
{
using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
{
@Html.AntiForgeryToken()
<ul class="nav navbar-nav navbar-right">
<li>
@Html.ActionLink("Hello " + User.Identity.GetUserName() + "!", "Index", "Manage", routeValues: null, htmlAttributes: new { title = "Manage" })
</li>
<li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a> </li>
</ul>
}
}
else
{
<ul class="nav navbar-nav navbar-right">
<li>@Html.ActionLink("Register", "Register", "Account", routeValues: null, htmlAttributes: new { id = "registerLink" })</li>
<li>@Html.ActionLink("Log in", "Login", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
</ul>
}
When user signs out, it directs user to the login page, but user's username is still shown which means that they have not signed out. And the url on the browser shows http://localhost/Account/Login?ReturnUrl=%2FAccount%2FLogOff
It is not taking the user back to Index page of Home. So my guess is that something happened at the statement AuthenticationManager.SignOut();. I'm confused because I haven't changed anything to the Account Controller.
Any lead would be greatly appreciated.
Simply add this line of code after SignOut():
HttpContext.User = new GenericPrincipal(new GenericIdentity(string.Empty), null);
Also check this out: Page.User.Identity.IsAuthenticated still true after FormsAuthentication.SignOut()
I figured my problem was not at SignOut()
. If you think your problem is at SignOut()
(and using Owin Authentication) check out Sergio's link.
For my case is a stupid mistake!
I forgot I added [Authorize(Role = "admins")]
to the controller, because I only wanted the admins to use the register method that comes with the default template. And the result is that no one except the admins can log out!
This is what I had:
[Authorize(Roles = "admin")]
public class AccountController : Controller
{
public ActionResult LogOff()
{
}
public ActionResult Register()
{
}
}
What I did is I just move the register methods to a new controller, like below:
[Authorize]
public class AccountController : Controller
{
public ActionResult LogOff()
{
}
}
and
[Authorize(Roles = "admin")]
public class AdminController : Controller
{
public ActionResult Register()
{
}
}
Now everyone can log out and only admins can register users.
(And the default AuthenticationManager.SignOut()
works fine.)
I had the same problem. Check this Issue on CodePlex:
http://web.archive.org/web/20160403071605/https://aspnetidentity.codeplex.com/workitem/2347
Try replacing AuthenticationManager.SignOut()
with
AuthenticationManager.Signout(DefaultAuthenticationTypes.ApplicationCookie);
I hope that I help you. :-)
Replace
AuthenticationManager.Signout();
with
AuthenticationManager.Signout(DefaultAuthenticationTypes.ApplicationCookie);
as per the issue in Sergio's answer
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With