I am trying to implement Logout Functionality in ASP.NET MVC.
I use Forms Authentication for my project.
This is my Logout code:
    FormsAuthentication.SignOut();
    Response.Cookies.Clear();
    FormsAuthenticationTicket ticket =
        new FormsAuthenticationTicket(
            1,
            FormsAuthentication.FormsCookieName,
            DateTime.Today.AddYears(-1),
            DateTime.Today.AddYears(-2),
            true,
            string.Empty);
    Response.Cookies[FormsAuthentication.FormsCookieName].Value =
        FormsAuthentication.Encrypt(ticket);
    Response.Cookies[FormsAuthentication.FormsCookieName].Expires =
        DateTime.Today.AddYears(-2);
    return Redirect("LogOn");
This code redirects the user to the Login Screen. However, if I call an action method by specifying the name in the address bar (or select the previous link from the address bar dropdown), I am still able to reach the secure pages without logging in.
Could someone help me solve the issue?
To correctly answer your question, I'd have to know how you secure your "secure" pages.
I suspect that you're doing something wrong there.
A simple call to FormsAuthentication.SignOut() should be enough, as it clears the authentication cookie, thus making the other method calls you make there redundant.
With ASP.NET MVC, you have to use the AuthorizeAttribute on an action method to disallow non-authenticated visitors to use it. (Meaning: the old way you did it with Web Forms by specifying location tags in Web.config no longer works with MVC.)
For example, here is a small code snippet from my ForumController class:
That's strange... I make one single call to: FormsAuthentication.SignOut(); and it works...
This method works if you do not disable [comment] the following tags in the web.config file to test your web application easily.
web.config
The following question is related, and its solution works for me:
FormsAuthentication.SignOut() does not log the user out
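The approach the first answer describes, as an added example that is not part of the original thread: logout is a single FormsAuthentication.SignOut() call, and the protected pages carry AuthorizeAttribute, without which an action stays reachable by URL whether or not the user is logged in. The controller and action names other than LogOn are hypothetical, and Forms Authentication is assumed to be enabled in Web.config.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Assumption: Web.config enables Forms Authentication
// (<authentication mode="Forms"> with a <forms loginUrl="..."> element).

public class AccountController : Controller
{
    // Login page: must stay reachable for anonymous visitors.
    public ActionResult LogOn()
    {
        return View();
    }

    // Logout: SignOut() expires the forms authentication cookie in the
    // response, so no manual ticket or cookie manipulation is needed.
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("LogOn");
    }
}

// Hypothetical controller standing in for the "secure pages".
// [Authorize] on the class protects every action inside it: a request
// without a valid authentication ticket is sent to the login URL.
[Authorize]
public class ReportsController : Controller
{
    public ActionResult Index()
    {
        // Only reached when the request carries a valid ticket.
        return View();
    }
}

// Hypothetical controller mixing public and protected actions.
public class HomeController : Controller
{
    // No attribute: anyone can call this action, logged in or not.
    public ActionResult Index()
    {
        return View();
    }

    // [Authorize] on a single action protects only that action.
    [Authorize]
    public ActionResult Dashboard()
    {
        return View();
    }
}
```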