ASP.NET Windows Authentication logout

asp.net, Windows Authentication, Logout

asp.net Problem Overview


How do you log out when using Windows authentication in ASP.NET, as in this web.config?

<authentication mode="Windows" />

I've already tried the following unsuccessfully. It redirects, but does not log out the user.

void logoutButton_Click(object sender, EventArgs e) {
	HttpContext.Current.Session.Clear();
	HttpContext.Current.Session.Abandon();
	ViewState.Clear();
	FormsAuthentication.SignOut();
	Response.Redirect("/");
}

Background Info:

I have to use Windows authentication because I need to impersonate the identity using Active Directory to gain access to local files. And I cannot impersonate using Forms authentication because the HttpContext.Current.User.Identity won't be a WindowsIdentity. https://stackoverflow.com/questions/1066275/impersonate-using-forms-authentication

asp.net Solutions


Solution 1 - asp.net

No server-side logout button will work when using "Windows" authentication. You must use "Forms" authentication if you want a logout button, or close the user's browser.

Solution 2 - asp.net

For IE browsers only, you can use the following JavaScript to log out the user if using Windows Authentication. (Note: closing the browser isn't required, but recommended since the user might be using a non-IE browser.)

If the user clicks "No" to close the browser, then the user will be prompted for a username/password if they attempt to access a page on the site that requires authentication.

try {
   document.execCommand("ClearAuthenticationCache");
}
catch (e) { }
window.close();

This code was taken from SharePoint's Signout.aspx page.

Solution 3 - asp.net

Windows authentication works at the IIS level by passing your Windows authentication token. Since authentication occurs at the IIS level, you cannot actually log out from application code. However, there seems to be an answer to your problem here. It is the second question addressed and essentially involves using Forms Authentication and the LogonUser Windows API.

Solution 4 - asp.net

I had a SharePoint application with Windows authentication and needed automatic logout after 15 minutes. I mixed together some code and here is the result. It works properly in IE.

<script type="text/javascript">
var t;
window.onload = resetTimer;
document.onmousemove = resetTimer;
document.onkeypress = resetTimer;

function logout() {

    try {
        document.execCommand("ClearAuthenticationCache");
        window.location.href = window.location.protocol.replace(/\:/g, '') + "://" + window.location.host + "/_layouts/customlogin14.aspx";
    }
    catch (e) { }

}

function resetTimer() {
    window.clearTimeout(t);
    t = window.setTimeout(logout, 900000);
}
</script>

Put this code in your master page; after 15 minutes of idle time you will see the login page. Hope this helps somebody.

Solution 5 - asp.net

I have this working using JavaScript in both IE and Firefox, though it logs you out of everything you're logged into in IE. It sort of works in Safari, but Safari throws up a phishing warning. Doesn't work in Opera.

try {
    if (document.all) {
        document.execCommand("ClearAuthenticationCache");
        window.location = "/";
    } else {
        window.location = "http://logout:[email protected]";
    }
} catch (e) {
    alert("It was not possible to clear your credentials from browser cache. Please, close your browser window to ensure that you are completely logout of system.");
    self.close();
}

Solution 6 - asp.net

Had a lot of trouble with this; below is the code that works. Hopefully someone finds it useful.

foreach (var cookie in Request.Cookies.Keys)
{
	Response.Cookies.Delete(cookie);
}


await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);


Response.Cookies.Append("EdgeAccessCookie", "", new Microsoft.AspNetCore.Http.CookieOptions()
{
	Path = "/",
	HttpOnly = true,
	SameSite = SameSiteMode.Lax,
	Expires = DateTime.Now.AddDays(-1)
});


Response.Redirect("https://adfs.[sitename].com/adfs/ls?wa=wsignout1.0");

Solution 7 - asp.net

The best answers I have seen are found in related Stack Overflow questions:

https://stackoverflow.com/questions/31326/is-there-a-browser-equivalent-to-ies-clearauthenticationcache/8497804#8497804

and

https://stackoverflow.com/questions/6277919/logging-a-user-out-when-using-http-basic-authentication

Basically you need to send an AJAX request to the server with invalid credentials and have the server accept them.
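
The exchange Solution 7 describes, sketched for the HTTP Basic case of the linked question (an added example, not code from the answer or from ASP.NET): the client overwrites the browser's cached credentials with a throwaway pair, and the logout endpoint accepts only that pair. `LOGOUT_URL`, the dummy account, the realm and both function names are assumptions; the server half is a framework-neutral Node.js model of the decision the endpoint has to make.

```javascript
// Hypothetical names and values, chosen for this example only.
const LOGOUT_URL = "/logout";
const DUMMY_USER = "logout";   // constructed throwaway account, grants nothing
const DUMMY_PASS = "logout";

// Server side: what the logout endpoint answers for a given Authorization header.
// Only the dummy pair gets 200, so a browser that follows the technique ends up
// holding credentials that are useless everywhere else. Real credentials (or none)
// get a fresh 401 challenge.
function logoutEndpointResponse(authorizationHeader) {
  const challenge = {
    status: 401,
    headers: { "WWW-Authenticate": 'Basic realm="app"' }, // realm is an assumption
  };
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(authorizationHeader || "");
  if (!m) return challenge;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");           // password may itself contain ':'
  if (sep <= 0) return challenge;
  const user = decoded.slice(0, sep);
  const pass = decoded.slice(sep + 1);
  if (user === DUMMY_USER && pass === DUMMY_PASS) {
    return { status: 200, headers: { "Cache-Control": "no-store" } };
  }
  return challenge;
}

// Client side: createXhr is injected so the function runs in a browser
// (() => new XMLHttpRequest()) or against a stub outside one.
function sendLogoutRequest(createXhr, onDone) {
  const xhr = createXhr();
  // The 4th and 5th arguments of open() supply explicit credentials for this
  // request; whether the browser then replaces its cached pair varies by browser.
  xhr.open("GET", LOGOUT_URL, true, DUMMY_USER, DUMMY_PASS);
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4) onDone(xhr.status === 200);
  };
  xhr.send();
}
```

With integrated Windows authentication (Negotiate/NTLM) the browser may re-authenticate silently with the logged-on Windows account on the next request, so this pattern is not a guaranteed logout there.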

Solution 8 - asp.net

I think you should use forms auth, but you can use an LDAP Windows user account in forms like this:

using System.DirectoryServices.AccountManagement;

using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
{
    // validate the credentials against the domain
    bool isValid = pc.ValidateCredentials("myuser", "mypassword");
}

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | Robert | View Question on Stackoverflow
Solution 1 - asp.net | Robert | View Answer on Stackoverflow
Solution 2 - asp.net | Garry English | View Answer on Stackoverflow
Solution 3 - asp.net | tribus | View Answer on Stackoverflow
Solution 4 - asp.net | Eric | View Answer on Stackoverflow
Solution 5 - asp.net | Scott | View Answer on Stackoverflow
Solution 6 - asp.net | Trent Stewart | View Answer on Stackoverflow
Solution 7 - asp.net | AnthonyVO | View Answer on Stackoverflow
Solution 8 - asp.net | Konstantin Sch | View Answer on Stackoverflow