This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

Logging out of Federated authentication through STS #396

Closed
mrblarg opened this issue Sep 3, 2013 · 7 comments

@mrblarg

mrblarg commented Sep 3, 2013

Hi there,

I've logged into the STS with federated authentication using Live or Facebook, but I can't seem to log out. Even when clearing all cookies, "FedAuth" and "FedAuth1", which I can remove using Firebug to log the user out but not in code for some reason.

I have tried the following:

        //didn't work, null reference exception
        //WSFederationAuthenticationModule authModule = FederatedAuthentication.WSFederationAuthenticationModule;
        //string signoutUrl = (WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(authModule.Issuer, authModule.Realm, null));
        //Response.Redirect(signoutUrl);

        //cookies not deleted
        //if (Request.Cookies["FedAuth"] != null)
        //    Request.Cookies.Remove("FedAuth");
        //if (Request.Cookies["FedAuth1"] != null)
        //    Request.Cookies.Remove("FedAuth1");

        //didn't work, null reference exception
        //WSFederationAuthenticationModule.FederatedSignOut(
        //    new Uri(FederatedAuthentication.WSFederationAuthenticationModule.Issuer),
        //    new Uri(FederatedAuthentication.WSFederationAuthenticationModule.Reply));

        //didn't work, null reference exceptions
        //FederatedAuthentication.WSFederationAuthenticationModule.SignOut(false);
        //FederatedAuthentication.SessionAuthenticationModule.SignOut(); Causes exception
        //if (Thread.CurrentPrincipal is IClaimsPrincipal)
        //{
        //    ClaimsIdentityCollection claims = ((IClaimsPrincipal)Thread.CurrentPrincipal).Identities;
        //    claims.Clear();
        //}

@brockallen
Member

Logged out of what? The RP? IdentityServer? Or Facebook?

When using external identity providers, you're never really logged into IdentityServer -- it's just passing thru the identity.

@mrblarg
Author

mrblarg commented Sep 3, 2013

The RP.

On 3 Sep 2013, at 17:59, Brock Allen notifications@github.com wrote:

> Logged out of what? The RP? IdentityServer? Or Facebook?
>
> When using external identity providers, you're never really logged into IdentityServer -- it's just passing thru the identity.

@brockallen
Member

FederatedAuthentication.SessionAuthenticationModule.SignOut() should remove the cookie and it's all you need. I'd use this API then check the browser for the response to confirm that the cookie was cleared.

@mrblarg
Author

mrblarg commented Sep 4, 2013

As I said above I tried that, it results in a null reference exception. I'll get the entire exception message...

@mrblarg
Author

mrblarg commented Sep 4, 2013

[NullReferenceException: Object reference not set to an instance of an object.]
MyFedAppTest.Controllers.HomeController.LogOut() +22
System.Web.Mvc.<>c__DisplayClass1.b__0(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +247
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +38
System.Web.Mvc.Async.<>c__DisplayClass39.b__33() +119
System.Web.Mvc.Async.<>c__DisplayClass4f.b__49() +452
System.Web.Mvc.Async.<>c__DisplayClass37.b__36(IAsyncResult asyncResult) +15
System.Web.Mvc.Async.<>c__DisplayClass2a.b__20() +31
System.Web.Mvc.Async.<>c__DisplayClass25.b__22(IAsyncResult asyncResult) +230
System.Web.Mvc.<>c__DisplayClass1d.b__18(IAsyncResult asyncResult) +28
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +15
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +15
System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +15
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

@mrblarg
Author

mrblarg commented Sep 4, 2013

I've also tried the following,

        //Does nothing
        //Response.Cookies.Clear();
        //Session.Clear();

        //Does nothing
        //Session.Abandon();

        //Does nothing
        //Response.Cookies.Clear();

@mrblarg
Author

mrblarg commented Sep 4, 2013

I have a working solution,

        Session.Clear();
        Session.Abandon();
        if (Request.Cookies["FedAuth"] != null)
        {
            HttpCookie pHCeExpired = Request.Cookies["FedAuth"] ;
            pHCeExpired.Expires = DateTime.Now.Subtract(new TimeSpan(1,0,0));
            Response.SetCookie(pHCeExpired);
        }
        if (Request.Cookies["FedAuth1"] != null)
        {
            HttpCookie pHCeExpired = Request.Cookies["FedAuth1"];
            pHCeExpired.Expires = DateTime.Now.Subtract(new TimeSpan(1, 0, 0));
            Response.SetCookie(pHCeExpired);
        }

Not sure if I need the session calls but they're in there anyway...
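
Added example (not code from this thread or from IdentityServer): a LogOut action that calls SessionAuthenticationModule.SignOut() when the module is available and otherwise expires every FedAuth chunk cookie, generalizing the two fixed names in the working solution above. It assumes WIF's Microsoft.IdentityModel.Web namespace, a hypothetical Index action, cookies issued with path "/", and that the null reference came from the module not being loaded; the thread confirms none of these.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.IdentityModel.Web; // assumption: WIF 3.5/4.0; on .NET 4.5 use System.IdentityModel.Services

public class HomeController : Controller
{
    private const string CookieBaseName = "FedAuth"; // chunks: FedAuth, FedAuth1, FedAuth2, ...
    private const string CookiePath = "/";           // assumption: must equal the path the cookie was issued with

    public ActionResult LogOut()
    {
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam != null)
        {
            sam.SignOut(); // the module removes its own session cookie
        }
        else
        {
            // Assumption: null means the module is not loaded for this application.
            ExpireSessionCookies();
        }
        Session.Abandon();
        return RedirectToAction("Index"); // hypothetical landing action
    }

    private void ExpireSessionCookies()
    {
        // Snapshot the names first: adding to Response.Cookies also updates Request.Cookies.
        string[] names = Request.Cookies.AllKeys.Where(IsSessionChunk).Distinct().ToArray();
        foreach (string name in names)
        {
            Response.Cookies.Add(new HttpCookie(name, string.Empty)
            {
                Expires = DateTime.UtcNow.AddDays(-1), // a past date tells the browser to drop it
                Path = CookiePath,
                HttpOnly = true,
                Secure = Request.IsSecureConnection
            });
        }
    }

    private static bool IsSessionChunk(string name)
    {
        if (name == null || !name.StartsWith(CookieBaseName, StringComparison.Ordinal)) return false;
        return name.Substring(CookieBaseName.Length).All(char.IsDigit); // "" or digits only
    }
}
```

Expiring the cookie only removes it from this browser: in WIF's default cookie mode, a FedAuth cookie copied before logout stays usable until the session token's own lifetime ends unless the RP tracks sessions server-side.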
