Hello Everyone,

I’m working on creating a web application where the users belonging to a particular group will use Windows Authentication

(native browser ligin prompt) to login.

Well the windows authentication is working, but i’m facing issues with performing the Logout option.

It seems that the session of the user once logged in cannot be terminated and no proper logout happens. ( I’ve also tried using ClearAuthenticationCache command of Javascript. )

Can the session of a user with windows authentication be terminated using Logout option or not for both IE and Firefox??

Can anyone please share some tips and code examples to perform this operation using MVC2.0 and .net 3.5.

Thanks in advance.

Ashish

Have you tried calling

FormsAuthentication.SignOut();

How is the windows auth being performed? I’m guessing integrated (as opposed to basic auth)…

The issue here is that with windows auth (specifically with integrated but to a lesser extens basic) is that your app is not in charge of the authentication. In a sense, the operating system is. By virtue of the user being logged into the OS, they’re logged
into your app (given the way you’ve currently built it). This is what windows auth means.

Now, you could change your design to use forms auth, but then you need to somehow know when the windows user is authenticated. You can do this one a single page by returning a 401 to the browser triggering it to authenticate and then by issue a forms auth
cookie with the username. This trick is usually done in a second app in IIS. That’s the 50K foot view of how to approach it.

Hello Brock,

Thanks for replying.

Yes, I’m using the Integrated Windows for windows authentication. The purpose of using Windows authentication is just

to use an already created Active directory (AD) group on the server.

According to the trick that you have mentioned, I’ve to include form authentication as well in my app. I’m actually looking for a solution

so that I can logout or say finish the current session of user from the website and then perform windows authentication again

for login.

Can you please share some tips and code examples to perform the logout operation using MVC2.0 and .net 3.5.

Thanks in advance.

Ashish

Hello John,

Thanks for replying.

I’m only using Integrated Windows authentication with browsers native login prompt.

My query is that can the session of a user with windows authentication be terminated using Logout option

or not for both IE and Firefox??

Can you please share some tips and code examples to perform this operation using MVC2.0 and .net 3.5.

Thanks in advance.

Ashish

ASHISH_TECHIT

Hello Brock,

Thanks for replying.

Yes, I’m using the Integrated Windows for windows authentication. The purpose of using Windows authentication is just

to use an already created Active directory (AD) group on the server.

According to the trick that you have mentioned, I’ve to include form authentication as well in my app. I’m actually looking for a solution

so that I can logout or say finish the current session of user from the website and then perform windows authentication again

for login.

Can you please share some tips and code examples to perform the logout operation using MVC2.0 and .net 3.5.

Thanks in advance.

Ashish

My point was that if you’re using integrated windows authentication then there is no notion of logout because their "session" (given that it’s integrated windows auth) is determined by how long they’re logged into windows itself. If you don’t want them automatically
logged into your app, then you’re saying you don’t want integrated windows authentication.

Ok. So I found one solution for this though it works only for IE. For logout we can add the following javascript and

in IE it will clear the cache and Login prompt appears again for windows authentication.

But it doesn’t work for Firefox. Here’s my script:-

 <script type=’text/javascript’ language="javascript">

      function Logout() {
          try {

              var agt = navigator.userAgent.toLowerCase();

              FOR INTERNET EXPLORER
              if (agt.indexOf("msie") != -1) {
                 
                  document.execCommand("ClearAuthenticationCache");
              }
              else
               {

                  FOR MOZILLA FIREFOX
                   var xmlhttp = new XMLHttpRequest();
                   // Let’s send invalid credentials, then abort
                   xmlhttp.open("GET", "/LogOut/LogOut", true, "logout", "logout");
                   xmlhttp.send("");
                   setTimeout("xmlhttp.abort();", 100);
                }
             
          catch (e) {
              alert("logout process fails.");
          }
      }

</script>

Can anyone please suggest some solution regarding this Logout operation and why the script doesn’t work in Firefox (v3.6 minimum).

Also it doesn’t throw any exception too.

Can anyone please share some tips and code examples to perform this operation using MVC2.0 and .net 3.5 ??

Thanks in advance.

Ashish

Have a look at the following article:
Switch User Functionality using MVC4 and Windows Authentication

This describes how to implement a way to switch the current user in a Windows Authenticated MVC web application.
Basically the current user wil be logged out and the Login popup will appear again, just like SharePoint but were it actually works!

(It works by manipulating the Response object)