ASP.NET MVC truly log off with Forms Authentication
25,161
FormsAuthentication.SignOut()
removes the authentication cookie, so you need to redirect after it instead of returning a view so that the client is notified:
public ActionResult Logoff()
{
FormsAuthentication.SignOut();
return RedirectToAction("Index");
}
Now in the Index
action the user will no longer be authenticated.
Related videos on Youtube
Author by
CodeGrue
Updated on July 09, 2022Comments
-
CodeGrue almost 2 years
I have a logoff action on a controller as so:
public ActionResult Logoff() { var x = Request.IsAuthenticated; var y = User.Identity.IsAuthenticated; FormsAuthentication.SignOut(); Session.Abandon(); var a = Request.IsAuthenticated; var b = User.Identity.IsAuthenticated; return View(); }
However, x, y, a, and b, are all true. So when my view renders, it still behaves as if the user is logged in. Can someone please provide a solution and/or explanation?
-
DM. almost 14 yearsDarin's right on. What I do at times is return a "return Redirect(FormsAuthentication.LoginUrl);" That will send the user back to the login page you declare in the authentication area in your web.config. Same thing really...