2

I have a custom login in Sharepoint 2010 using claims-based authentication. User authentication works just fine but my custom sign out method doesn't. I have tried several solutions but my authentication cookie (federation) is still there. Why?

This will not work:

FormsAuthentication.SignOut();

Not this:

FederatedAuthentication.SessionAuthenticationModule.SignOut();
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();

Nor will this:

var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
    HttpCookie cookie = new HttpCookie(authCookie.Name);
    cookie.Expires = DateTime.Now.AddDays(-1d);
    cookie.Domain = domain;
    Response.Cookies.Add(cookie);
}

How do I delete my FedAuth cookie? My cookie is not persistent. Still the only way to remove my auth cookie is deleting it manually in my browser or closing it down.

Michael Petrotta
  • 59,888
  • 27
  • 145
  • 179
kolback
  • 1,341
  • 2
  • 10
  • 5

2 Answers2

1

We had some trouble with this while using WIF. I'm don't know if your SharePoint implementation uses WIF but, if it does, this is an alternative method that may help:

WSFederationAuthenticationModule authModule = FederatedAuthentication.WSFederationAuthenticationModule;
                string signoutUrl = (WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(authModule.Issuer, authModule.Realm, null));
                Response.Redirect(signoutUrl);
Jeff
  • 668
  • 4
  • 12
  • Thanks! No I don't use WIF, didn't even know about it. Looks very intresting thought, I will check it up! – kolback May 17 '13 at 19:01
0

I know this is a 10yrs thread, but recently i also stumbled upon the exact same problem with SharePoint Server 2013 and ASP.NET Framework 4.5

The actual action that solve my problem is almost the same exact as your last code snippet

var authCookie = Request.Cookies[myCookieName];
if (authCookie != null)
{
    HttpCookie cookie = new HttpCookie(authCookie.Name);
    cookie.Expires = DateTime.Now.AddDays(-1d);
    cookie.Domain = domain;
    Response.Cookies.Add(cookie);
}

the only different is i manually determine what's the cookie name myCookieName, which i got the list from Request.Cookies.AllKeys then choose which cookie that might contains the auth from its name.

No, i didn't code it or something so it can select automatically, i printed that AllKeys out, to Debug.Console() then manually choose a cookie name then assign its name to myCookieName. In my case the cookie that responsible for auth is FedAuth.

Tommy Aria Pradana
  • 574
  • 1
  • 4
  • 18