ASP.NET MVC truly log off with Forms Authentication

asp.net asp.net-mvc forms-authentication logout
CodeGrue picture CodeGrue · May 11, 2010 · Viewed 24.4k times · Source

I have a logoff action on a controller as so:

    public ActionResult Logoff()
    {
        var x = Request.IsAuthenticated;
        var y = User.Identity.IsAuthenticated;

        FormsAuthentication.SignOut();
        Session.Abandon();

        var a = Request.IsAuthenticated;
        var b = User.Identity.IsAuthenticated;

        return View();
    }

However, x, y, a, and b, are all true. So when my view renders, it still behaves as if the user is logged in. Can someone please provide a solution and/or explanation?

Answer

Darin Dimitrov picture Darin Dimitrov · May 11, 2010

FormsAuthentication.SignOut() removes the authentication cookie, so you need to redirect after it instead of returning a view so that the client is notified:

public ActionResult Logoff()
{
    FormsAuthentication.SignOut();
    return RedirectToAction("Index");
}

Now in the Index action the user will no longer be authenticated.

Related questions

ASP.NET MVC - Set custom IIdentity or IPrincipal

I need to do something fairly simple: in my ASP.NET MVC application, I want to set a custom IIdentity / IPrincipal. Whichever is easier / more suitable. I want to extend the default so that I can call something like User.…

Read More
How to remove returnurl from url?

I want to remove "returnurl=/blabla" from address bar when a user want to access to a login required page. Because I'm trying to redirect the user to a static page after login to do some selections. How can I …

Read More
Storing more information using FormsAuthentication.SetAuthCookie

I am using aspx and c# for a setting a authentication cookie for a login. FormsAuthentication.SetAuthCookie(UserName, True) I want to store more information in the same cookie. Can I add values to this authentication cookie or do I …

Read More