Hello Everyone,
I’m working on creating a web application where the users belonging to a particular group will use Windows Authentication (native browser login prompt) to login.
Well, the Windows authentication is working, but I’m facing issues with performing the Logout option.
It seems that the session of the user once logged in cannot be terminated and no proper logout happens. (I’ve also tried using the ClearAuthenticationCache command of JavaScript.)
Can the session of a user with Windows authentication be terminated using the Logout option or not, for both IE and Firefox?
Can anyone please share some tips and code examples to perform this operation using MVC2.0 and .net 3.5?
Thanks in advance.
Ashish
Have you tried calling
FormsAuthentication.SignOut();
How is the windows auth being performed? I’m guessing integrated (as opposed to basic auth)…
The issue here is that with windows auth (specifically with integrated, but to a lesser extent basic) your app is not in charge of the authentication. In a sense, the operating system is. By virtue of the user being logged into the OS, they’re logged into your app (given the way you’ve currently built it). This is what windows auth means.
Now, you could change your design to use forms auth, but then you need to somehow know when the windows user is authenticated. You can do this on a single page by returning a 401 to the browser, triggering it to authenticate, and then by issuing a forms auth cookie with the username. This trick is usually done in a second app in IIS. That’s the 50K foot view of how to approach it.
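The two-app arrangement described in the reply above, written out for MVC 2 on .NET 3.5 as an added example (not code from anyone in this thread). The controller names, the group `EXAMPLE\WebAppUsers` and the `/MainApp/` URL are hypothetical, and both apps are assumed to share the same `<forms>` cookie name and `<machineKey>` so the main app can read the cookie the first app issues.

```csharp
using System.Security.Principal;
using System.Web.Mvc;
using System.Web.Security;

// App 1 (hypothetical): IIS has Integrated Windows auth on and anonymous access off;
// web.config uses <authentication mode="Windows" />.
public class WindowsLoginController : Controller
{
    // Placeholder group name; substitute the existing AD group.
    private const string AllowedGroup = @"EXAMPLE\WebAppUsers";
    // Fixed landing URL, so no caller-supplied redirect target is trusted.
    private const string MainAppUrl = "/MainApp/";

    public ActionResult Index()
    {
        IPrincipal user = User;
        // IIS has normally completed the 401 handshake before this code runs;
        // answer 401 ourselves if no Windows identity is attached.
        if (user == null || !(user.Identity is WindowsIdentity) || !user.Identity.IsAuthenticated)
        {
            return new HttpUnauthorizedResult();
        }
        if (!user.IsInRole(AllowedGroup))
        {
            Response.StatusCode = 403;
            return Content("Not a member of the required group.");
        }
        // Hand the Windows user name to forms auth as a non-persistent cookie.
        FormsAuthentication.SetAuthCookie(user.Identity.Name, false);
        return Redirect(MainAppUrl);
    }
}

// App 2 (hypothetical): the main site, <authentication mode="Forms"> with loginUrl
// pointing at App 1. The cookie belongs to the app, so the app can revoke it.
public class AccountController : Controller
{
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();          // expires the forms auth cookie
        if (Session != null) Session.Abandon(); // drops server-side session state
        return RedirectToAction("LoggedOff");
    }

    public ActionResult LoggedOff()
    {
        // Anonymous page with a "log in again" link; it must not redirect to App 1 itself.
        return Content("You have been logged off.");
    }
}
```

If the browser sends Integrated credentials automatically, following a link back to App 1 signs the user in again without a prompt, which is why `LoggedOff` does not redirect there on its own.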
Hello Brock,
Thanks for replying.
Yes, I’m using the Integrated Windows for windows authentication. The purpose of using Windows authentication is just
to use an already created Active directory (AD) group on the server.
According to the trick that you have mentioned, I’ve to include form authentication as well in my app. I’m actually looking for a solution
so that I can logout or say finish the current session of user from the website and then perform windows authentication again
for login.
Can you please share some tips and code examples to perform the logout operation using MVC2.0 and .net 3.5.
Thanks in advance.
Ashish
Hello John,
Thanks for replying.
I’m only using Integrated Windows authentication with the browser’s native login prompt.
My query is: can the session of a user with Windows authentication be terminated using the Logout option or not, for both IE and Firefox?
Can you please share some tips and code examples to perform this operation using MVC2.0 and .net 3.5?
Thanks in advance.
Ashish
My point was that if you’re using integrated windows authentication then there is no notion of logout because their "session" (given that it’s integrated windows auth) is determined by how long they’re logged into windows itself. If you don’t want them automatically
logged into your app, then you’re saying you don’t want integrated windows authentication.
Ok. So I found one solution for this though it works only for IE. For logout we can add the following javascript and
in IE it will clear the cache and Login prompt appears again for windows authentication.
But it doesn’t work for Firefox. Here’s my script:-
<script type="text/javascript" language="javascript">
function Logout() {
    try {
        var agt = navigator.userAgent.toLowerCase();
        // FOR INTERNET EXPLORER: clear the cached credentials
        if (agt.indexOf("msie") != -1) {
            document.execCommand("ClearAuthenticationCache");
        }
        else {
            // FOR MOZILLA FIREFOX
            var xmlhttp = new XMLHttpRequest();
            // Let’s send invalid credentials, then abort
            xmlhttp.open("GET", "/LogOut/LogOut", true, "logout", "logout");
            xmlhttp.send("");
            // Pass a function so the timer can see the local xmlhttp variable
            setTimeout(function () { xmlhttp.abort(); }, 100);
        }
    }
    catch (e) {
        alert("logout process fails.");
    }
}
</script>
Can anyone please suggest some solution regarding this Logout operation and why the script doesn’t work in Firefox (v3.6 minimum)?
Also, it doesn’t throw any exception either.
Can anyone please share some tips and code examples to perform this operation using MVC2.0 and .net 3.5?
Thanks in advance.
Ashish
Have a look at the following article:
Switch User Functionality using MVC4 and Windows Authentication
This describes how to implement a way to switch the current user in a Windows Authenticated MVC web application.
Basically the current user will be logged out and the Login popup will appear again, just like SharePoint but where it actually works!
(It works by manipulating the Response object)