1

I am making an intranet web application for internal use using ASP.NET Core 3.1 MVC that's using Windows authentication and working on a logout/login page. I am trying to include a function that allows user to logout and sign in as another user.

I inserted this script in _Layout.cshtml but the @User.Identity.Name still shows the original name on the web page, indicating that I haven't logged out and I can still access the pages with [Authorize] attribute, is there another way to logout user?

Also, is there an ASP.NET Core 3.1 version of this answer? When I try to insert this as a function into the controller, errors appear saying HttpCookie, Request.IsAuthenticated, Response.Cookies.Set(cookie) and functions alike are undefined. Am I missing a NuGet package or library here? Do I have to logout the user to use this "sign in as another user" function?

Thanks in advance.

launchSettings.json

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:2322",
      "sslPort": 44329
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "Loginpagedemo2": {
      "commandName": "Project",
      "launchBrowser": true,
      "applicationUrl": "https://localhost:5001;http://localhost:5000",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

Controllers\LogoutController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using System.Text.Encodings.Web;

namespace Loginpagedemo2.Controllers
{
    public class LogoutController : Controller
    {

        public IActionResult Index()
        {
            return View();
        }
    }
}

Views\Logout\ _Layout.cshtml

<!DOCTYPE html>
<script runat="server">
    try {
        document.execCommand("ClearAuthenticationCache")
    }
    catch (e) { }
    
</script>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>@ViewData["Title"] - CSH Shift Interchange System</title>
    <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css" />
    <link rel="stylesheet" href="~/css/site.css" />
</head>
<body>
    <header>
        <nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
            <div class="container">
                <div class="navbar-collapse collapse d-sm-inline-flex flex-sm-row-reverse">
                </div>
                <a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Index">Login as @User.Identity.Name</a>      
            </div>
        </nav>
    </header>
    <div class="container">
        <main role="main" class="pb-3">
            @RenderBody()
        </main>
    </div>

    <footer class="border-top footer text-muted">
        <div class="container">
            &copy; 2020 - CSH Shift Interchange System
        </div>
    </footer>
    <script src="~/lib/jquery/dist/jquery.min.js"></script>
    <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
    <script src="~/js/site.js" asp-append-version="true"></script>
    @RenderSection("Scripts", required: false)
</body>
</html>
Jimmy Ng
  • 23
  • 5
  • Please add some pieces of code – X.Otano Sep 15 '20 at 05:41
  • Added the controller and view – Jimmy Ng Sep 15 '20 at 06:48
  • 1
    As far as I know, there is no winodws authentication logout button which could logout the windows user. Since the windows authentication token is sent by browser and will not affect by your codes. If you want to use another user to login in, you could only use Form authentication or other AD authentication instead. – Brando Zhang Sep 15 '20 at 09:11
  • @BrandoZhang Is there any possible clientside workaround to let user sign in with another account as another user after pressing a button or similar? – Jimmy Ng Sep 16 '20 at 04:24
  • No, as far as I know, IE has a advanced setting which will ask windows account and password every time, But there is no js way to log out the windows authentication. – Brando Zhang Sep 16 '20 at 14:18

1 Answers1

0

Hi here some will work for you https://weblog.west-wind.com/posts/2019/Oct/19/Windows-Authentication-and-Account-Caching-on-Web-Browser-AutoLogins

Controller

 '[HttpPost]'

 'public async Task <IActionResult> Logout()
  {
   await signInManager.SignOutAsync();
 
  foreach (var cookie in HttpContext.Request.Cookies)
    {
       Response.Cookies.Delete(cookie.Key);
    }

   ProcessStartInfo pro = new ProcessStartInfo();
   pro.FileName = "cmd.exe";
   pro.Arguments = "klist purge";
   Process proStart = new Process();
   proStart.StartInfo = pro;
   proStart.Start();
   proStart.Close();
   return View();
 }'

My view logout

' 

     window.close();
    
</script>
'
Roberto Londono
  • 1