
So I have a .Net Core MVC Webapp with Windows Authentication up and running. Now there is the need for a logout functionality so a different user can sign in.
Despite being client-bound, the application shows a login popup (browser-style) when the URL is called the first time on a client. There are workarounds in normal .Net MVC to get this prompt again:
'Login as another user' MVC 4 Windows Authentication

public ActionResult LogOut()
{
    HttpCookie cookie = Request.Cookies["TSWA-Last-User"];

    if(User.Identity.IsAuthenticated == false || cookie == null || StringComparer.OrdinalIgnoreCase.Equals(User.Identity.Name, cookie.Value))
    {
        string name = string.Empty;

        if(Request.IsAuthenticated)
        {
            name = User.Identity.Name;
        }

        cookie = new HttpCookie("TSWA-Last-User", name);
        Response.Cookies.Set(cookie);

        Response.AppendHeader("Connection", "close");
        Response.StatusCode = 401; // Unauthorized;
        Response.Clear();
        //should probably do a redirect here to the unauthorized/failed login page
        //if you know how to do this, please tap it on the comments below
        Response.Write("Unauthorized. Reload the page to try again...");
        Response.End();

        return RedirectToAction("Index");
    }

    cookie = new HttpCookie("TSWA-Last-User", string.Empty)
    {
        Expires = DateTime.Now.AddYears(-5)
    };

    Response.Cookies.Set(cookie);

    return RedirectToAction("Index");

}

How can I implement the same thing in .Net Core? There are several difficulties with editing the right cookie and manipulating the response in .Net Core. I am trying to find the least hacky way to do this.

Yush0
  • Seems that logout functionality does not exist when using Windows Authentication. See https://stackoverflow.com/questions/1067263/asp-net-windows-authentication-logout – Afshar Mohebi Oct 23 '17 at 14:14
  • It also didn't exist officially in previous .Net versions, but Microsoft built it into Sharepoint, where it got reverse engineered. (All described in the link in my question.) I am pretty sure a workaround like this should also be possible in .Net Core since the login prompt is still appearing in the right circumstances. – Yush0 Oct 23 '17 at 14:28
  • @Yush0 Have you found some solution for this question? – Jenan Sep 11 '18 at 07:55
  • @Jenan: No, just workarounds on the client side. You can use the private mode of the browser to get the prompt again. Also, editing the Internet Explorer security settings can change the behaviour for Chromium-based browsers and IE on Windows. – Yush0 Sep 20 '18 at 11:55

0 Answers
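A direct translation of the question's `LogOut` action to ASP.NET Core MVC APIs, added here as an example; it is not a post from this thread. The controller name is hypothetical, and it assumes the host (IIS or HTTP.sys with Windows Authentication enabled) attaches the `WWW-Authenticate` challenge to the 401; whether the browser then prompts or silently re-sends the same credentials depends on client settings, as the comments above note.

```csharp
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller // hypothetical controller name
{
    // Cookie name taken from the question's code.
    private const string LastUserCookie = "TSWA-Last-User";

    public IActionResult LogOut()
    {
        // Request.Cookies returns the value as a string (null when absent).
        string lastUser = Request.Cookies[LastUserCookie];
        bool isAuthenticated = User.Identity?.IsAuthenticated == true;
        string currentUser = isAuthenticated ? User.Identity.Name : string.Empty;

        // Same condition as the original: first call to LogOut, or the browser
        // re-sent the credentials of the user who asked to log out.
        if (!isAuthenticated || lastUser == null ||
            string.Equals(currentUser, lastUser, StringComparison.OrdinalIgnoreCase))
        {
            // The cookie is client-controlled. It only records who asked to
            // log out and must never be used to decide who the user is.
            Response.Cookies.Append(LastUserCookie, currentUser, new CookieOptions
            {
                HttpOnly = true,
                Secure = Request.IsHttps,
                SameSite = SameSiteMode.Lax
            });

            // Kept from the original so the authenticated connection is not reused.
            Response.Headers["Connection"] = "close";

            // Assumption: the host adds the Negotiate/NTLM challenge to this 401.
            return new ContentResult
            {
                StatusCode = StatusCodes.Status401Unauthorized,
                ContentType = "text/plain",
                Content = "Unauthorized. Reload the page to try again..."
            };
        }

        // A different user has authenticated: drop the marker and continue.
        Response.Cookies.Delete(LastUserCookie);
        return RedirectToAction("Index");
    }
}
```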