force - logout in windows authentication asp.net mvc




ASP.NET Windows Authentication logout (4)

For IE browsers only, you can use the following javascript to logout the user if using Windows Authentication. (Note: closing the browser isn't required, but recommended since the user might be using a non-IE browser).

If the user clicks "No" to close the browser, then the user will be prompted for a username/password if they attempt to access a page on the site that requires authentication.

try {
   document.execCommand("ClearAuthenticationCache");
}
catch (e) { }
window.close();

This code was taken from SharePoint's Signout.aspx page.

How do you logout when using Windows authentication in ASP.NET like this web.config?

<authentication mode="Windows" />

I've already tried the following unsuccessfully. It redirects, but does not log out the user.

void logoutButton_Click(object sender, EventArgs e) {
    HttpContext.Current.Session.Clear();
    HttpContext.Current.Session.Abandon();
    ViewState.Clear();
    FormsAuthentication.SignOut();
    Response.Redirect("/");
}

Background Info:

I have to use Windows authentication because I need to impersonate the identity using Active Directory to gain access to local files. And I cannot impersonate using Forms authentication because the HttpContext.Current.User.Identity won't be a WindowsIdentity. Impersonate using Forms Authentication


I had a SharePoint application with Windows authentication, I needed automatic logout after 15 minutes. I mixed up some codes and here is the result. it works in IE properly.

<script type="text/javascript">
var t;
window.onload = resetTimer;
document.onmousemove = resetTimer;
document.onkeypress = resetTimer;

function logout() {

    try {
        document.execCommand("ClearAuthenticationCache");
        window.location.href = window.location.protocol.replace(/\:/g, '') + "://" + window.location.host + "/_layouts/customlogin14.aspx";
    }
    catch (e) { }

}

function resetTimer() {
    window.clearTimeout(t);
    t = window.setTimeout(logout, 900000);
} 

put these codes in your master page, after 15 mins idle time you will see the login page. hope this help somebody


No server-side logout button will work when using "Windows" authentication. You must use "Forms" authentication if you want a logout button, or close the user's browser.






logout