2

I have tried every way possible, but I am still not able to logout the current user. Currently I have the following code:

_authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

        string sKey = (string)HttpContext.Current.Session["user"];
        string sUser = Convert.ToString(HttpContext.Current.Cache[sKey]);
        HttpContext.Current.Cache.Remove(sUser);
        HttpContext.Current.Session.Clear();
        HttpContext.Current.Response.Cookies.Clear();
        HttpContext.Current.Request.Cookies.Clear();
        HttpContext.Current.Session.Abandon();

After this, the session is still not cleared. Any ideas?

Authentication startup:

  app.UseCookieAuthentication(new CookieAuthenticationOptions
           {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

SignIn Code:

    public override ApplicationUser Handle([NotNull]LoginCommand command)
    {
        var user = _userManager.Find(command.Login, command.Password);
        if (user == null)
        {
            throw new RentalApplicationValidationException("No valid login");
        }

        _authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
        var identity = _userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
        _authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);

        return user;
    }
Liam
  • 27,717
  • 28
  • 128
  • 190
Identity
  • 1,553
  • 1
  • 22
  • 44
  • what is your sign-in code look like? and Authentication startup configuration? – trailmax Apr 12 '16 at 00:05
  • Thanks for you reply. See edit in my post. – Identity Apr 12 '16 at 07:34
  • Actual `SignOut` looks OK, but you are talking about session. Identity does not use session for authentication, only cookies. Do you have other code that uses session for auth? – trailmax Apr 12 '16 at 10:42
  • No, I am not using it anywhere else. What is noticed is when I trigger the signout method directly in my Controller, everything works. When triggering the signout method from my command, it's not working. – Identity Apr 12 '16 at 11:00
  • This last statement points that `IAuthenticationManager` is resolved in the wrong lifescope - I have just noticed your comment below. Try registering `IAuthenticationManager` as `InstancePerDependency()`. – trailmax Apr 12 '16 at 11:11
  • Thanks for your reply, but is still not working in the command. When requesting it the same way via a Controller, it does work. – Identity Apr 12 '16 at 11:13
  • 1
    Possible duplicate of [ASP.Net Identity Logout](http://stackoverflow.com/questions/20681726/asp-net-identity-logout) – Liam Apr 27 '17 at 11:19

2 Answers2

0

You need to call the SignOut within the AuthenticationManager I see you are trying above but are you getting it from the Owin context

try the below at the end of your code.

var authetication = HttpContext.Current.GetOwinContext().Authentication;
authentication.SignOut();

Another way is to clear the cookie (i have seen again you tried this above but try it with just the AuthCookie) by setting the year by -1.. it seems when you Session.Abandon() the cookie is still there and same with FormsAuthentication.SignOut().. try something like this at the end of your code:

HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, "");
authCookie.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(authCookie);
Josh Stevens
  • 3,943
  • 1
  • 15
  • 22
  • I am using autofac to register all managers from Asp.net identity like this: builder.Register(c => HttpContext.Current.GetOwinContext().Authentication) .As() .InstancePerRequest(); When I resolve this in my command, I am not able to logout. When I request the authenticatonmanager via GetOwinContext in my controller directly, it works. How can I make it work in my command? – Identity Apr 11 '16 at 20:55
0

You need to call

HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

DotNetGeek
  • 165
  • 11