Recently, one of our requirements was to sign a user out of forms authentication programmatically when the user clicks a link, and then log the user back in with different credentials.
To set the background, we had the following environment:
1. SharePoint 2010 FBA enabled site.
2. Custom membership provider.
3. Custom login page for FBA.
Now, when the user clicks the link, we were deleting the FedAuth cookies, signing the user out of forms authentication and redirecting the user back to the custom login page (code snippet below).
However after doing all this when user was redirected back to login page we could still see the FedAuth cookie value in the header.
// some business logic here

// NOTE: this is the first attempt, which left FedAuth in place. The HttpCookie
// below is constructed and given a past expiry, but it is never added to
// HttpContext.Current.Response.Cookies, so this block sends no expiring
// Set-Cookie header and the browser is never told to drop FedAuth.
if (HttpContext.Current.Request.Cookies["FedAuth"] != null)
{
HttpCookie requestCookie = new HttpCookie("FedAuth");
requestCookie.Secure = false;
requestCookie.Expires = DateTime.Now.AddYears(-1);
}
// Sign out of the federated session module first, then of forms authentication.
FederatedAuthentication.SessionAuthenticationModule.SignOut();
FormsAuthentication.SignOut();
To resolve this issue, we tried deleting the FedAuth, WSS_KeepSessionAuthenticated and .ASPXAUTH cookies (from both the request and the response; I did both and it worked for me).
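{
    // some business logic here

    // Clear the authentication cookies before signing out of both the
    // federated session module and forms authentication.
    DeleteRequestCookies();
    DeleteResponseCookies(); // the original listing was missing this semicolon
    FederatedAuthentication.SessionAuthenticationModule.SignOut();
    FormsAuthentication.SignOut();

    // NOTE(review): expiring cookies only asks the browser to discard them.
    // A FedAuth value copied elsewhere is not invalidated by this block alone;
    // confirm how the server-side session token lifetime is configured.
}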
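/// <summary>
/// Expires the authentication cookies that the browser sent with the current request
/// (FedAuth, WSS_KeepSessionAuthenticated and .ASPXAUTH).
/// </summary>
/// <remarks>
/// The original version built an expired <see cref="HttpCookie"/> but never attached it
/// to the response, so the browser was never instructed to discard anything. A cookie
/// can only be removed on the client by sending an already-expired cookie of the same
/// name in the response, which is what this method now does.
/// </remarks>
private void DeleteRequestCookies()
{
    HttpContext context = HttpContext.Current;
    if (context == null)
    {
        // No active request (e.g. called from a background thread): nothing to clear.
        return;
    }

    // Exact, case-sensitive names, matching the original switch statement.
    string[] authCookieNames = { "FedAuth", "WSS_KeepSessionAuthenticated", ".ASPXAUTH" };

    foreach (string cookieName in authCookieNames)
    {
        // Only expire cookies the browser actually presented.
        if (Array.IndexOf(context.Request.Cookies.AllKeys, cookieName) < 0)
        {
            continue;
        }

        HttpCookie expiredCookie = new HttpCookie(cookieName);
        // Kept from the original; the cookie carries no value, so nothing sensitive
        // is exposed by leaving the Secure flag off.
        expiredCookie.Secure = false;
        expiredCookie.Expires = DateTime.Now.AddYears(-1);

        // Set() replaces any cookie of the same name already queued on the response,
        // so only one Set-Cookie header per name is emitted from here.
        context.Response.Cookies.Set(expiredCookie);
    }

    // NOTE(review): the browser only drops a cookie whose path/domain match the one it
    // holds; this uses HttpCookie's defaults — confirm they match how the site issues
    // these cookies. Large session tokens may also be split across FedAuth1, FedAuth2, …
    // which this list does not cover — verify SessionAuthenticationModule.SignOut()
    // removes those.
}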
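/// <summary>
/// Replaces any authentication cookie already queued on the current response
/// (FedAuth, WSS_KeepSessionAuthenticated and .ASPXAUTH) with an expired, empty one,
/// so the response cannot re-issue a live authentication cookie during sign-out.
/// </summary>
/// <remarks>
/// The original version built an expired <see cref="HttpCookie"/> but discarded it
/// without writing it to the response, so the queued cookies went out unchanged.
/// </remarks>
private void DeleteResponseCookies()
{
    HttpContext context = HttpContext.Current;
    if (context == null)
    {
        // No active request: there is no response to modify.
        return;
    }

    // Exact, case-sensitive names, matching the original switch statement.
    string[] authCookieNames = { "FedAuth", "WSS_KeepSessionAuthenticated", ".ASPXAUTH" };

    // Snapshot the names up front. The response collection's string indexer adds a
    // cookie when the name is missing, so presence is tested against this snapshot
    // rather than with Response.Cookies[name] != null.
    string[] queuedNames = context.Response.Cookies.AllKeys;

    foreach (string cookieName in authCookieNames)
    {
        if (Array.IndexOf(queuedNames, cookieName) < 0)
        {
            continue;
        }

        HttpCookie expiredCookie = new HttpCookie(cookieName);
        // Kept from the original; the cookie carries no value, so nothing sensitive
        // is exposed by leaving the Secure flag off.
        expiredCookie.Secure = false;
        expiredCookie.Expires = DateTime.Now.AddYears(-1);

        // Set() overwrites the queued cookie of the same name instead of appending
        // a second Set-Cookie header next to the live one.
        context.Response.Cookies.Set(expiredCookie);
    }
}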
Hope this will help you :)
Saturday, April 30, 2011
Thanks...it worked
ReplyDeleteMuchas gracias, funciona de mil maravillas!!!
ReplyDeleteUn abrazo desde Chile.
This comment has been removed by a blog administrator.
ReplyDeleteThanks...it worked
ReplyDeletegreat work....rocked :)
ReplyDeletegreat work. you rocked :)
ReplyDeleteHi i have same problem, where to use this code? please help me...
ReplyDeleteWhere is this code implemented?