User-1319716544 posted
I am using the code below to log in and log out with OWIN authentication. I first logged in to the system, captured the session, .Asp.ApplicationCookie, etc. using a tool like Fiddler or Burp Suite, and then logged out of the system. After that I tried to access the previous
URL and was still able to access it. It seems the ClaimsIdentity is still alive after logout, but it is supposed to be deleted and the request should be redirected to the login page after logout. Do you have any idea how I can invalidate the ClaimsIdentity after sign-out?
/// <summary>
/// Builds an application-cookie identity for the given user and signs it in
/// through the OWIN authentication manager.
/// </summary>
/// <param name="appUserState">The user to create the claims identity for.</param>
/// <param name="providerKey">Not used by this method.</param>
/// <param name="isPersistent">Passed through to <c>AuthenticationProperties.IsPersistent</c>.</param>
public void IdentitySignin(ApplicationUser appUserState, string providerKey = null, bool isPersistent = false)
{
    var claimsIdentity = UserManager.CreateIdentity(appUserState, DefaultAuthenticationTypes.ApplicationCookie);

    // The ticket is given a fixed 7-day lifetime and may be refreshed.
    // NOTE(review): the cookie carries the whole ticket, so a copy of it stays
    // usable until ExpiresUtc unless the server re-validates it on each request
    // (e.g. a security-stamp check in the cookie middleware) - confirm the
    // cookie options. isPersistent presumably only affects whether the browser
    // keeps the cookie across restarts, not the 7-day ticket lifetime.
    var ticketProperties = new AuthenticationProperties();
    ticketProperties.AllowRefresh = true;
    ticketProperties.IsPersistent = isPersistent;
    ticketProperties.ExpiresUtc = DateTime.UtcNow.AddDays(7);

    AuthenticationManager.SignIn(ticketProperties, claimsIdentity);
}
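/// <summary>
/// Signs the current user out of the application and external cookies and
/// rotates the user's security stamp so that cookies issued before the
/// sign-out can be rejected by the server.
/// </summary>
/// <remarks>
/// <c>SignOut</c> only instructs the browser to drop the cookie; a copy of the
/// cookie captured earlier is still a valid ticket until it expires. Rotating
/// the security stamp lets the server refuse such a copy, but only if the
/// cookie middleware validates the stamp (an <c>OnValidateIdentity</c> handler
/// built from <c>SecurityStampValidator</c>), and only once the validator's
/// interval has elapsed. NOTE(review): that configuration is outside this
/// method - confirm it is present and that its interval is short enough.
/// Rotating the stamp also ends the user's sessions on other devices.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The security stamp could not be updated, so previously issued cookies
/// have not been revoked.
/// </exception>
public void IdentitySignout()
{
    // Read the user id before signing out so the stamp rotation targets the
    // account that owns the current cookie.
    // NOTE(review): assumes string user keys (the Identity default) - confirm.
    string userId = null;
    var principal = AuthenticationManager.User;
    if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated)
    {
        userId = principal.Identity.GetUserId();
    }

    // Clear the cookies first so the browser is signed out even if the
    // stamp rotation below fails.
    AuthenticationManager.SignOut(
        DefaultAuthenticationTypes.ApplicationCookie,
        DefaultAuthenticationTypes.ExternalCookie);

    // Skip the rotation for anonymous requests and for user stores that do
    // not keep a security stamp.
    if (string.IsNullOrEmpty(userId) || !UserManager.SupportsUserSecurityStamp)
    {
        return;
    }

    var result = UserManager.UpdateSecurityStamp(userId);
    if (!result.Succeeded)
    {
        // Surface the failure: the caller should know old cookies remain valid.
        throw new InvalidOperationException(
            "Sign-out cleared the cookies but the security stamp was not updated: "
            + string.Join("; ", result.Errors));
    }
}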