1

When I'm deleting a user I want it to automatically log out, but whenever I call the logout-function using RedirectToAction, I get a 404. I saw somewhere else on stackoverflow, that this was tried to be achieved through a button-click and the methods being [HttpPost] and [HttpGet] was conflicting - but that is seemingly not the case here.

Usercontroller

[HttpPost]
public ActionResult DeleteConfirmed(int id)
{
    User user = db.Users.Find(id);
    db.Users.Remove(user);
    db.SaveChanges();
    return RedirectToAction("LogOff", "Account");
}

Accountcontroller

[HttpPost]    
public ActionResult LogOff()
{
  AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
  return RedirectToAction("Index", "Home");
}

Anyone having an idea why that is? URL looks right.

CodeProg
  • 131
  • 12
  • 3
    When you RedirectToAction the browser is making a Get request, and your controller action is a Post, so it's not found. As far as I know, you cannot redirect to a Post verb. – Jonathon Chase Jun 12 '18 at 18:47
  • @JonathonChase this might seem like an odd question, but is it possible to define the LogOff function as a GetRequest then.. and if so. Would you suggest having a seperate Logoff-function that is a get? – CodeProg Jun 12 '18 at 18:53
  • I don't know that you need to be redirecting to the logoff method at all. If your logout process gets complicated somehow, I'd push it into it's own class and call that from the controllers that need to logout. – Jonathon Chase Jun 12 '18 at 19:10
  • That little bit you told me was enough for me to find a solution. Thanks :) – CodeProg Jun 12 '18 at 19:13

1 Answers1

1

You can't redirect to a POST action. A possibility might be to factor out your log off action and call that:

public ActionResult LogOffAction()
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    return RedirectToAction("Index", "Home");
}

Or simply add in the one line that you would be saving:

[HttpPost]
public ActionResult DeleteConfirmed(int id)
{
    User user = db.Users.Find(id);
    db.Users.Remove(user);
    db.SaveChanges();
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    return RedirectToAction("Index", "Home");
}
naspinski
  • 34,020
  • 36
  • 111
  • 167
  • Thanks for you answer, i do however not have a SignOut method in AutenticationManager – CodeProg Jun 12 '18 at 18:57
  • But I copied the exact code from your original post...? – naspinski Jun 12 '18 at 19:19
  • Oh, you are right! I dont know what happened there. Ill give it another try XD – CodeProg Jun 12 '18 at 19:21
  • Ahh, i see why. I was a bit quick on judging. The AuthenticationManager is an interface that's declared in the AccountController and isnt in the UserController - hence why its not available in the UserController. So with your first solution using the LogOffAction-function I assume that you want me to declare it as a HTTPGet and call that through RedirectToAction? It seems that having a logout-function as Get is "dangerous" see here: https://stackoverflow.com/questions/25710805/why-does-logout-in-asp-net-identity-use-post-instead-of-get – CodeProg Jun 12 '18 at 19:30
  • I was just showing it as a factored out method that could be reused, not a GET. – naspinski Jun 12 '18 at 19:43