SharePoint 2010 : Custom Sign Out Functionality

    Question

  • Hi,

    We are using Windows with Kerberos authentication in our portal. We need to implement the sign out functionality. Our requirement is that when the user clicks on the Sign Out link, the user should be redirected to a third party login page that is hosted on another server. If the same user tries to log in again after Sign out, that user should be asked for credentials. Please provide the pointers to achieve this functionality.


    Regards, Parveen

    Friday, June 1, 2012 6:40 AM

Answer

  • So, the user closed the browser windows as required? Are there other browser windows or tabs still open for the same site? You may need to close them all.

    What if you click File -> New Session in IE9 (this will guarantee a new session), and navigate to the site? You can press the Alt key if you do not find the menu bar in IE9.

    Please read these for more about browser session:

    http://blogs.msdn.com/b/askie/archive/2009/05/08/session-management-within-internet-explorer-8-0.aspx

    http://blogs.msdn.com/b/ieinternals/archive/2010/04/05/understanding-browser-session-lifetime.aspx

    My test in SharePoint 2010 claim-based Windows authentication is that, after you click the sign out menu item at the upper right corner of the page, the Guid value of the WSS_KeepSessionAuthenticated cookie will be cleared.

    Update: just tested with TCPView and Network Monitor. If you do not close the browser window, the Windows user can automatically sign in even if the TCP connection between IIS and the browser is closed and IE is configured to prompt for user name and password. This automatic sign-in works as if IE is configured for automatic login: IIS sends 401 Unauthorized with an NTLM challenge, IE sends the authorization message, and IIS sends 200 OK.

    But if you use the IE developer toolbar to clear session cookies, you will be prompted for credentials the next time you visit the site.



    Friday, June 8, 2012 2:19 AM
    Moderator
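
The exchange described in the update above, as an added example that is not part of the original post: it decodes NTLM message types from HTTP auth headers and lists the handshake that follows a sign-out request. The trace, the `/_layouts/SignOut.aspx` path, the page URL and the token padding are constructed assumptions, and a trace like this cannot show whether the user typed credentials or the browser answered the challenge on its own.

```python
import base64
import struct

NTLM_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_message(value):
    """Name of the NTLM message in an Authorization / WWW-Authenticate value, else None."""
    scheme, _, token = (value or "").partition(" ")
    if scheme not in ("NTLM", "Negotiate") or not token:
        return None          # other scheme, or a bare "NTLM" offer without a token
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None          # not valid base64
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None          # e.g. a Kerberos token under Negotiate
    return NTLM_NAMES.get(struct.unpack_from("<I", raw, 8)[0])

def handshake_after_signout(trace, signout_path="/_layouts/SignOut.aspx"):
    """NTLM steps seen after the sign-out request, ending with '200 OK' if it completes."""
    steps, signed_out = [], False
    for msg in trace:
        if not signed_out:
            signed_out = msg.get("path", "").lower() == signout_path.lower()
            continue
        name = ntlm_message(msg.get("authorization") or msg.get("www_authenticate"))
        if name:
            steps.append(name)
        elif msg.get("status") == 200 and "AUTHENTICATE" in steps:
            steps.append("200 OK")
            break
    return steps

def sample_token(msg_type):  # constructed: signature + message type + zero padding
    body = b"NTLMSSP\x00" + struct.pack("<I", msg_type) + bytes(8)
    return "NTLM " + base64.b64encode(body).decode()

# Constructed trace: sign-out clears the cookie, the next request is re-authenticated.
TRACE = [
    {"path": "/_layouts/SignOut.aspx", "cookie": "WSS_KeepSessionAuthenticated={constructed-guid}"},
    {"status": 200, "set_cookie": "WSS_KeepSessionAuthenticated="},
    {"path": "/SitePages/Home.aspx"},
    {"status": 401, "www_authenticate": "NTLM"},
    {"path": "/SitePages/Home.aspx", "authorization": sample_token(1)},
    {"status": 401, "www_authenticate": sample_token(2)},
    {"path": "/SitePages/Home.aspx", "authorization": sample_token(3)},
    {"status": 200},
]
```

Calling `handshake_after_signout(TRACE)` returns the steps in order, which is the sequence a server-side or proxy trace would show when clearing the cookie alone did not end the Windows-authenticated session.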

All replies

  • For Windows integrated authentication (Kerberos or NTLM), you only need to make sure that IE will not automatically log on (http://technet.microsoft.com/en-us/library/dd572939(v=office.13).aspx) for the user.

    The default sign out page will clear the authentication cookie for you. You can review the code for the removecookiesandredirect method in the SignOutPage class in the microsoft.sharepoint.applicationpages namespace in the microsoft.sharepoint.applicationpages.dll assembly.


    Why do you think you need to redirect to a third party page for sign out?
    Monday, June 4, 2012 7:51 AM
    Moderator
  • Thanks GuYuming for the pointers here. Actually we have a client requirement that when the user clicks on the Sign Out link, the user should be redirected to a third party login page that is hosted on another server.

    Further, if we use the default sign out method, the system forces the user to close the browser. Even in this case, when we open the same URL in a new browser window on the same intranet machine, the system does not ask for credentials even if I select the "prompt for user name and password" option. Please let me know if I am missing any point here.


    Regards, Parveen

    Thursday, June 7, 2012 12:08 PM
  • Thanks GuYuming for your detailed explanation.

    We have used the SharePoint default SignOut functionality and are asking the user to close the browser. Moreover, we are using IE8 to test our portal.


    Regards, Parveen

    Tuesday, June 12, 2012 2:04 PM
  • I admit that the Prompt for username and password option in IE is confusing in this situation; it still works the same way in the IE 10 release preview non-Metro version.

    Wednesday, June 13, 2012 4:12 AM
    Moderator