Saturday, April 30, 2011

Form Authentication Sign Out in SharePoint

Recently, on one of our projects we had to sign the user out of forms authentication programmatically when they clicked a link, and then let them log back in with a different set of credentials.

For background, the environment was:

1. SharePoint 2010 FBA enabled site.
2. Custom membership provider.
3. Custom login page for FBA.

When the user clicked the link we expired the FedAuth cookie, signed the user out of forms authentication and redirected them to the custom login page (code snippet below).

However, after the redirect the request for the login page still carried the FedAuth cookie in its headers, so the user had not actually been signed out.


// ... some business logic here ...
if (HttpContext.Current.Request.Cookies["FedAuth"] != null)
{
    // An expired FedAuth cookie is built here but never added to
    // Response.Cookies, so no Set-Cookie header is sent to the browser.
    HttpCookie requestCookie = new HttpCookie("FedAuth");
    requestCookie.Secure = false;
    requestCookie.Expires = DateTime.Now.AddYears(-1);
}
FederatedAuthentication.SessionAuthenticationModule.SignOut();
FormsAuthentication.SignOut();


To resolve this we expired the FedAuth, WSS_KeepSessionAuthenticated and .ASPXAUTH cookies explicitly, handling both the cookies the browser sent with the request and any already queued in the response. A server cannot delete a cookie directly; the browser only discards it when the response carries a cookie with the same name, domain and path and an expiry date in the past, so the expired cookie has to be written into the response collection. I did this for both collections and it worked for me.


using System;
using System.Web;
using System.Web.Security;
using Microsoft.IdentityModel.Web;   // WIF 1.0 (Microsoft.IdentityModel.dll), used by SharePoint 2010

// The cookies SharePoint 2010 issues for a signed-in FBA/claims user.
private static readonly string[] AuthCookieNames =
    { "FedAuth", "WSS_KeepSessionAuthenticated", ".ASPXAUTH" };

// Click handler for the sign-out link (the handler name is illustrative).
protected void SignOutLink_Click(object sender, EventArgs e)
{
    // ... some business logic here ...
    DeleteRequestCookies();
    DeleteResponseCookies();
    FederatedAuthentication.SessionAuthenticationModule.SignOut();
    FormsAuthentication.SignOut();
    // redirect to the custom login page here
}

// Expires each auth cookie the browser sent with this request.
private void DeleteRequestCookies()
{
    foreach (string name in HttpContext.Current.Request.Cookies.AllKeys)
    {
        if (Array.IndexOf(AuthCookieNames, name) >= 0)
        {
            ExpireCookie(name);
        }
    }
}

// Replaces any auth cookie already queued in the response (for example a
// FedAuth cookie refreshed earlier in the pipeline) with an expired one.
// Response.Cookies[name] creates the cookie when it is missing, so AllKeys
// is checked instead of the indexer.
private void DeleteResponseCookies()
{
    foreach (string name in HttpContext.Current.Response.Cookies.AllKeys)
    {
        if (Array.IndexOf(AuthCookieNames, name) >= 0)
        {
            ExpireCookie(name);
        }
    }
}

// Queues a cookie with the same name and path and an expiry in the past; the
// browser discards the original when it receives it. Response.Cookies.Set
// replaces a cookie already queued in the response or adds a new one.
private void ExpireCookie(string name)
{
    HttpCookie expired = new HttpCookie(name, string.Empty);
    expired.Path = "/";                 // SharePoint issues these cookies for "/"
    expired.HttpOnly = true;
    expired.Secure = HttpContext.Current.Request.IsSecureConnection;
    expired.Expires = DateTime.UtcNow.AddYears(-1);
    HttpContext.Current.Response.Cookies.Set(expired);
}

Hope this will help you :)

Tuesday, April 12, 2011

Signout issue from Claim enabled Site in SharePoint 2010 with adfs 2.0

While working with an ADFS claims-aware site in SharePoint 2010 we ran into an issue with signing out of the portal: even after the user signs out, the cookie persists, and when the user tries to log in again they are signed in automatically without being prompted to re-authenticate.

We can overcome this with the following two steps:

1. Sign-out URL -->
Signing out of SharePoint alone leaves the ADFS session in place. To sign out correctly, the sign-out link must send the browser to the ADFS sign-out URL, for example
https://your_sts_server/adfs/ls/?wa=wsignout1.0

2. Make the FedAuth cookie session-based -->
Even with the sign-out URL from step 1, correct sign-out behaviour requires the FedAuth cookie to be a session cookie rather than a persistent one; otherwise it survives closing the browser. The following PowerShell, run on a SharePoint server, switches the security token service to session cookies:

$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true
$sts.Update()
iisreset

The details for the FedAuth cookie behaviour can be found here
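Putting the two posts together, here is an added example (written for this page, not code from the original posts) of a sign-out handler for a SharePoint 2010 claims site federated with ADFS 2.0. It expires the SharePoint session cookies, signs out of the WIF session and forms authentication, and then redirects the browser to the ADFS wsignout1.0 endpoint with a wreply parameter so that ADFS clears its own session cookies and returns the user to the site. The STS host name, the return URL, the handler class name and the cookie path "/" are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
using Microsoft.IdentityModel.Web;   // WIF 1.0 (Microsoft.IdentityModel.dll), used by SharePoint 2010

public class FederatedSignOutHandler : IHttpHandler
{
    // Assumed values: replace with your ADFS server and the page users should land on afterwards.
    private const string AdfsSignOutUrl = "https://your_sts_server/adfs/ls/?wa=wsignout1.0";
    private const string ReturnUrl      = "https://your_sharepoint_site/_login/default.aspx";

    // The cookies SharePoint 2010 issues for a signed-in claims/FBA user.
    private static readonly string[] AuthCookieNames =
        { "FedAuth", "WSS_KeepSessionAuthenticated", ".ASPXAUTH" };

    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // 1. Clear SharePoint's own session: queue an expired copy of every auth
        //    cookie the browser sent. A cookie can only be removed by overwriting it.
        foreach (string name in AuthCookieNames)
        {
            if (context.Request.Cookies[name] != null)
            {
                context.Response.Cookies.Set(ExpiredCookie(name, context.Request.IsSecureConnection));
            }
        }

        // 2. Let WIF and forms authentication drop their sessions as well.
        FederatedAuthentication.SessionAuthenticationModule.SignOut();
        FormsAuthentication.SignOut();

        // 3. Send the browser to ADFS so the STS clears its own session cookies;
        //    wreply tells ADFS where to send the user when it is done.
        context.Response.Redirect(BuildSignOutUrl(AdfsSignOutUrl, ReturnUrl), true);
    }

    // Builds ".../adfs/ls/?wa=wsignout1.0&wreply=<url-encoded return URL>".
    public static string BuildSignOutUrl(string stsSignOutUrl, string replyUrl)
    {
        return stsSignOutUrl + "&wreply=" + HttpUtility.UrlEncode(replyUrl);
    }

    // An expired cookie with the same name and path as the original.
    // Assumption: the web application lives at "/", which is where SharePoint issues FedAuth.
    public static HttpCookie ExpiredCookie(string name, bool secure)
    {
        HttpCookie cookie = new HttpCookie(name, string.Empty);
        cookie.Path = "/";
        cookie.HttpOnly = true;
        cookie.Secure = secure;
        cookie.Expires = DateTime.UtcNow.AddYears(-1);
        return cookie;
    }
}
```

Point the portal's sign-out link at this handler (registered in the web application's web.config, or deployed as a layouts page with the same body) instead of at the default SharePoint sign-out page. Two caveats: expiring the cookie only tells the browser to forget it, so a FedAuth cookie that was captured elsewhere stays valid until the token lifetime runs out, which is a reason to keep that lifetime short; and if ADFS authenticates users with Integrated Windows Authentication, a domain-joined browser will be silently re-authenticated on the next visit even after a correct wsignout1.0 round trip.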

Hope this post will be helpful to resolve the sign out issue.