2

In my Project I am using Windows Authentication Login. Logout Button is Required.

If Click on Logout Button Page should be redirect to Logout.aspx. In Logout.aspx if I press Back Button in Browser that is redirect back.

How To control should not redirect to back In LogOut Page and Ask for Window Authentication Login?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Harsh Nag
  • 84
  • 1
  • 1
  • 11

3 Answers3

7

In windows authentication there is no possibility of logout as you are not using IIS for authentication. You are using that against OS and even if you logout in same browser and then on next request you will automatically login in same browser.

So there is no possibility of logout in windows auhtentication.

See same kind of question in stack overflow.

ASP.NET Windows Authentication logout

Community
  • 1
  • 1
Jalpesh Vadgama
  • 13,653
  • 19
  • 72
  • 94
  • I understand that there is no possibility of logout when you are using Windows Authentication, but can one force the user to re-enter his credentials using Browser login page? There must be a way to do so, right? I have tried tricks like document.execCommand('ClearAuthenticationCache', false) but it did not work. Once the user logins for the first time I could not display the login page to show up when I want to. – MHOOS Feb 26 '18 at 18:46
  • @MHOOS the whole point of Windows Authentication is that the user never has to enter their credentials into the browser at all. It's like an SSO solution - it uses their Windows login identity on the PC to create a Kerberos token which the webserver can validate (by asking Active Directory) and use to identify them. Their username and password are never transmitted to the webserver. An exception to this is if a browser such as Firefox is used which doesn't support Kerberos auth, so it falls back to NTLM, but you still can't force re-auth during the browser session AFAIK. – ADyson Jun 04 '18 at 16:09
  • @MHOOS and why would you _want_ the user to re-enter their credentials anyway? They're already authenticated by their token, why ask again? That's just an inconvenience to the user, and your app doesn't need to re-confirm their identity - it gets sent the token automatically with every request, so it knows who's making the request. I can't see the purpose of what you're asking for. – ADyson Jun 04 '18 at 16:11
  • @ADyson: The purpose is : When a user presses logout button in the site he needs to be ejected from the site and re-login otherwise what is the point of logout? Imagine you press the logout button and you are still logged-in. You would think something is wrong and logout has not worked at all. – MHOOS Jun 04 '18 at 16:15
  • @MHOOS yes that was my meaning - what's the point of logout in your website? It's a windows-auth application - the user logs in when they log into Windows, not into your site. Logging out is when they log out of Windows, since that, and not your site, controls their identity. The whole purpose is to avoid them logging in an extra time into your application. I can't see why you'd want or need a logout from the actual site. And anyway, it's not really possible with Windows Authentication, because as I explained, Windows controls that process. You don't need a logout button at all. – ADyson Jun 05 '18 at 08:32
0

I have a Web-form solution for this , you can use it , I hope be useful for you.

logout.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="logout.aspx.cs" Inherits="logout" %>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <meta http-equiv="Cache-Control" content="no-cache">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
</head>
<body>
    <script type="text/javascript">
        function HandleResult(arg, context) {
            window.location = "/Login.aspx";
        }
    </script>
    <form id="form1" runat="server">
    </form>
    <script>
        CallServer('LoGout', '');
            var Backlen=history.length;   
        history.go(-Backlen);   
        window.location.href = "/Login.aspx";

    </script>
</body>
</html>

logout.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;


public partial class logout : System.Web.UI.Page, System.Web.UI.ICallbackEventHandler
{
    public void RaiseCallbackEvent(string eventArgument)
    {
    }

    public string GetCallbackResult()
    {
        return "";
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        ClearAll();
        ClientScriptManager cm = Page.ClientScript;
        string cbReference = cm.GetCallbackEventReference(this, "arg", "HandleResult", "");
        string cbScript = "function CallServer(arg, context){" + cbReference + ";}";
        cm.RegisterClientScriptBlock(this.GetType(), "CallServer", cbScript, true);
        cm.RegisterStartupScript(this.GetType(), "cle", "windows.history.clear", true);
        Response.Redirect("/login.aspx");

    }
    protected void Page_Init(object sender, EventArgs e)
    {
        ClearAll();
    }

    void ClearAll()
    {
        Session.RemoveAll();
        System.Web.Security.FormsAuthentication.SignOut();
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();


    }
}

I Have this in my projects that working fine.

Eqbal Sohrabi
  • 826
  • 6
  • 23
  • thank you very much in windows authentication Login page is not available – Harsh Nag Apr 07 '15 at 12:44
  • 1
    Can you help me i login page Code how to use in Window authentication? – Harsh Nag Apr 07 '15 at 12:46
  • @HarshNag , I don't get what you mean , yes of course why not , just tell me why your Login page is not available ?! May you upload a sample of your Web-aplication , because I don't know what you have and what you want to do exactly. – Eqbal Sohrabi Apr 07 '15 at 12:58
  • In the Above you are Redirect to Login.aspx page in Windows Authentication Login Page Not Available. If i call the application Url in browser a popup will come and ask User name and password. – Harsh Nag Apr 08 '15 at 09:47
  • So you can just replace **"/login.aspx"** with **"/"** , I don't know what exactly your project like. – Eqbal Sohrabi Apr 08 '15 at 10:22
-1

Use This Script in every .aspx page

<script type = "text/javascript" >
        function changeHashOnLoad() {
            window.location.href += "#";
            setTimeout("changeHashAgain()", "50");
        }

        function changeHashAgain() {
            window.location.href += "1";
        }

        var storedHash = window.location.hash;
        window.setInterval(function () {
            if (window.location.hash != storedHash) {
                window.location.hash = storedHash;
            }
        }, 50);


</script>
Supraj V
  • 967
  • 1
  • 10
  • 19