I want to be able to log out the currently logged-in user, especially in the use case where the current user closes the browser, opens a new browser, and heads to the login page.
Here is what I've been trying...
    // check this out https://dzone.com/articles/catching-systemwebowin-cookie the System.Web cookie monster
    private ActionResult DoLogout()
    {
        var AuthenticationManager = HttpContext.GetOwinContext().Authentication;
        AuthenticationManager.SignOut();
        AuthenticationManager.SignOut( DefaultAuthenticationTypes.ApplicationCookie );
        Session.Abandon();
        var user = UserManager.FindByName( User.Identity.Name );
        if (user != null)
        {
            UserManager.UpdateSecurityStamp( user.Id ); // remove the old cookie so it can't be reused to re-log in - EWB
        }
        AuthenticationManager.SignOut();
        ClearCookies();
        // https://stackoverflow.com/questions/28999318/owin-authentication-signout-doesnt-seem-to-remove-the-cookie - stralos's answer
        Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ApplicationCookie );
        // https://stackoverflow.com/questions/43675904/asp-net-identity-2-logging-out-other-sessions-using-security-stamp-after-pa
        AuthenticationManager.SignOut( DefaultAuthenticationTypes.ApplicationCookie );
        // https://stackoverflow.com/questions/27515518/asp-net-identity-external-login-wont-log-out - f belihocine's answer
        return Redirect("https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://"+ Url.Action( "Index", "Home", new { target = "_blank" } ) );
    }
But when I log back in, this code gets called:

    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        return RedirectToAction("LogOut"); // <--- here
    }

Because the user is in a broken state, because I think ASP.NET is logged out, but Google is still logged in...
Any help is appreciated.
This is what finally did the trick:

    // https://stackoverflow.com/questions/28999318/owin-authentication-signout-doesnt-seem-to-remove-the-cookie - stralos's answer
    Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ApplicationCookie );
    // https://stackoverflow.com/questions/43675904/asp-net-identity-2-logging-out-other-sessions-using-security-stamp-after-pa
    Request.GetOwinContext().Authentication.SignOut( DefaultAuthenticationTypes.ExternalCookie );

I noticed that most places used the app cookie, but in a few it was external... I converted all to app cookie and it stopped working, then I tried this next.
Here is the code in StartupAuth where you can see both cookies are being used:
    app.UseCookieAuthentication(
        new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            SlidingExpiration = true,
            ExpireTimeSpan = TimeSpan.FromMinutes( 1 ),
            CookieName = "SP3GGS-ID2-cookie",
            //CookieSecure = CookieSecureOption.Always, // TODO: turn this on for prod/qa so only ssl is allowed - EWB - per https://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes( 1 ),
                    regenerateIdentity: ( manager, user ) => user.GenerateUserIdentityAsync( manager )
                )
            },
        });
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);// HERE EWB
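
A consolidated logout action built on the fix above, as an added example that is not the poster's code: it clears both cookie types registered in StartupAuth in one `SignOut` call and rotates the security stamp first. The `AccountController` class, the `LogOff` action name, the per-OWIN-context `ApplicationUserManager` lookup and string user ids are assumptions.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Assumed controller name; ApplicationUserManager is the type used in StartupAuth above.
public class AccountController : Controller
{
    // Assumption: the user manager is registered per OWIN context at startup.
    private ApplicationUserManager UserManager =>
        HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

    private IAuthenticationManager AuthenticationManager =>
        HttpContext.GetOwinContext().Authentication;

    // POST plus anti-forgery token so another site cannot force a logout.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> LogOff()
    {
        // Rotate the security stamp while the identity is still known, so a
        // copied application cookie fails the next SecurityStampValidator check.
        string userId = User.Identity.GetUserId();
        if (userId != null)
        {
            await UserManager.UpdateSecurityStampAsync(userId);
        }

        // Expire both cookies: the application cookie and the external
        // sign-in cookie that GetExternalLoginInfoAsync reads from.
        AuthenticationManager.SignOut(
            DefaultAuthenticationTypes.ApplicationCookie,
            DefaultAuthenticationTypes.ExternalCookie);

        Session.Abandon();
        return RedirectToAction("Index", "Home");
    }
}
```

With the `validateInterval` of one minute configured above, a copied application cookie stops validating within about a minute of the security stamp update.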