
When we sign in to the main application, it redirects to my MVC 5 application.

This is the method I am using to sign in for my application.

 /// <summary>
 /// Signs the given user in with the application cookie, using an identity that
 /// carries a single name claim.
 /// </summary>
 /// <param name="userName">Value stored in the <c>ClaimTypes.Name</c> claim.</param>
 // NOTE(review): nothing here verifies userName; the identity is issued from this string
 // alone, so the caller presumably has already authenticated it. Confirm at the call site.
 private void FillAuthenticationClaims(string userName)
    {
        // Drop any external-login cookie before issuing the application cookie.
        this.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);

        var nameClaims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        var appIdentity = new ClaimsIdentity(nameClaims, DefaultAuthenticationTypes.ApplicationCookie);

        // Make the new principal visible to code running later on this thread.
        System.Threading.Thread.CurrentPrincipal = new ClaimsPrincipal(appIdentity);

        this.AuthenticationManager.SignIn(new AuthenticationProperties(), appIdentity);
    }

The problem is :

When I log off from another page of the application, such as the profile page, it works fine (pressing Back leads to the same sign-in page).

But Dashboard is the landing page of my application. If I reach the dashboard after signing in, log off, and then press the Back button, the page redirects to the dashboard.

I still get a value for filterContext.HttpContext.Session["SchoolSession"], which should be null in this case.

I have applied cache disabling using this :

    // Ask browsers and intermediaries not to store or reuse this response.
    // These headers only apply to responses on which this code actually runs.
    var noCacheResponse = HttpContext.Current.Response;
    noCacheResponse.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    noCacheResponse.AddHeader("Pragma", "no-cache");
    noCacheResponse.AddHeader("Expires", "0");

I have also added a NoCacheAttribute to my application and applied [NoCache] to the controller. Please let me know where I am going wrong, or whether there are better ways of implementing this.

Here is the OnActionExecuting method of the application.

     /// <summary>
     /// Runs before each action and replaces the result with a redirect to the main
     /// application when the expected user or session state is missing.
     /// </summary>
     /// <param name="filterContext">Context of the action that is about to execute.</param>
     // NOTE(review): this check only runs for requests that reach the server; a page the
     // browser re-displays from its own history or cache would not pass through it.
     public override void OnActionExecuting(ActionExecutingContext filterContext){
        if (filterContext.ActionParameters.Count > 0)
         {
            // These five values are read but never used in the code shown.
            // NOTE(review): the indexer presumably throws when a key is absent; confirm
            // that every action reaching this filter supplies all five parameters.
            var uid = filterContext.ActionParameters["uid"] as int?;
            var guid = filterContext.ActionParameters["ugid"] as String;
            var sid = filterContext.ActionParameters["sid"] as int?;
            var mid = filterContext.ActionParameters["mid"] as String;
            var fixedroleid = filterContext.ActionParameters["fixedroleid"] as String;              
        }
        var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        // `Account` is not defined in this snippet; presumably a constant holding the
        // account controller's name, which is exempt from the user-info check.
        if (!controllerName.Equals(Account, StringComparison.OrdinalIgnoreCase) && SessionData.Instance.UserInfo == null)
        {
            // No user info for a non-account controller: send the browser to the main application.
            filterContext.Result = new RedirectResult("http://localhost/qsmainApp");
            // NOTE(review): the next line looks like a leftover from removed code; the
            // snippet does not compile as posted.
            }));
        }
        // Reached for the account controller, or when user info is present: the request
        // is still redirected if the "SchoolSession" entry is missing.
        else if (filterContext.HttpContext.Session["SchoolSession"] == null)
        {
            filterContext.Result = new RedirectResult("http://localhost/qsmainApp");
        }
        // The method's closing brace is not part of the posted snippet.

Here is the LogOff method.

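 /// <summary>
 /// Signs the current user out, discards the server-side session and redirects
 /// to the main application's logout page.
 /// </summary>
 /// <returns>A temporary redirect to <c>../../logout.aspx</c>.</returns>
 // NOTE(review): no HTTP-verb or anti-forgery attributes are visible on this action. If it
 // is reachable by GET, consider restricting it to [HttpPost] with [ValidateAntiForgeryToken]
 // so that another site cannot trigger the sign-out.
 public ActionResult LogOff() {
        this.AuthenticationManager.SignOut();
        SessionData.Clear();

        // Clear() empties the session and Abandon() destroys it at the end of the request,
        // so no further per-key resets or RemoveAll() calls are needed afterwards.
        Session.Clear();
        Session.Abandon();

        FormsAuthentication.SignOut();

        // Blank the session cookie so the browser stops presenting the abandoned session id.
        HttpContext.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

        // Use a temporary (302) redirect. Browsers may cache a permanent (301) redirect and
        // then send later LogOff requests straight to the target, skipping the sign-out above.
        string logoutURL = "../../logout.aspx";
        return Redirect(logoutURL);
    }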
Rajdeep
  • Check out for browser history cleaning [http://stackoverflow.com/questions/2190808/how-to-clear-browsers-ie-firefox-opera-chrome-history-using-javascript-or-j](http://stackoverflow.com/questions/2190808/how-to-clear-browsers-ie-firefox-opera-chrome-history-using-javascript-or-j) – Serhat MERCAN Jan 16 '17 at 14:37
  • no, I checked it in incognito, its behaving the same – Rajdeep Jan 17 '17 at 04:46
