locked
problems with logout RRS feed

  • Question

  • User1457412228 posted

    I don't know what is wrong with the logout code.  When I click on the logout button, I get a __RequestVerificationToken parameter in the URL, which I suppose is related to when I did the code to do email validation.  But I have set breakpoints everywhere in that code, and it doesn't appear to be hitting it.  And a search for __RequestVerificationToken gets no results.

    This partial view is getting executed, but the logout page is not being called, as I am setting breakpoints all over them and also watching the "network" after selecting F12.

    Why isn't the logout page being called is my question.

    (edit:  I just discovered that if I replace the form with an <a href= ... it works as expected.)

    thanks

     @using Microsoft.AspNetCore.Identity
    @inject SignInManager<IdentityUser> SignInManager
    @inject UserManager<IdentityUser> UserManager
    
    <ul class="navbar-nav" style="color:white">
    @if (SignInManager.IsSignedIn(User))
    {
       <li class="nav-item">
            <a  class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Manage/Index" title="Manage">Hello @User.Identity.Name!</a>
        </li>
        <li class="nav-item">
            <form class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="@Url.Page("/", new { area = "" })" method="post" >
                <button  type="submit" class="nav-link btn btn-link text-dark">Logout</button>
            </form>
        </li>
    }
    else
    {
        <li class="nav-item disabled">
            <a class="nav-link" style="color:white" asp-area="Identity" asp-page="/Account/Register">Register</a>
        </li>
        <li class="nav-item">
            <a class="nav-link" style="color:white" asp-area="Identity" asp-page="/Account/Login">Login</a>
        </li>
    }
    </ul>
    

    Sunday, July 28, 2019 7:13 PM

All replies

  • User-474980206 posted
    Why would logout have a return url? Also it probably should be a get instead of a post.
    Sunday, July 28, 2019 8:05 PM
  • User1457412228 posted

    It is all auto-generated code from the right click and scaffolding for Identity, and from when the project is first created.  

    The return url is used like this, but it never reached this code.  

    public async Task<IActionResult> OnPost(string returnUrl = null)
            {
                await _signInManager.SignOutAsync();
                _logger.LogInformation("User logged out.");
                if (returnUrl != null)
                {
                    return LocalRedirect(returnUrl);
                }
                else
                {
                    return Page();
                }
            }

    Sunday, July 28, 2019 9:46 PM
  • User-854763662 posted

    Hi talldaniel ,

    I create a test demo , but it worked well . It entered the post handler and returned  the logout page in the browser when clicking the logout button .

    What is exactly your problem? Didn't enter the Post handler, or is the page returned by the method not logout page?

    Here is my demo , you could take a look and check if there is the difference .

    You could also try change the asp-route-returnUrl like below :

     <form class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="@Url.Page("/Account/Logout", new { area = "Identity" })" method="post">
                <button  type="submit" class="nav-link btn btn-link text-dark">Logout</button>
     </form>

    Best Regards ,

    Sherry

    Monday, July 29, 2019 9:05 AM
  • User1457412228 posted

    Hi Sherry,

    I think the code is correct, and I seem to remember it even worked for a time.  The error I am getting now though is to do with __RequestVerificationToken .

    Before I changed the code to be an anchor tag, when the logout button was clicked, it would not logout, not reach the "post" or "get" for the logout form, but instead the URL would populate with ?__RequestVerificationToken and then a really long number.

    I found a page where they were talking about a bug in the VS scaffolding that is similar to this issue, but was not the same.  https://github.com/aspnet/Scaffolding/issues/785

    Monday, July 29, 2019 1:46 PM
  • User475983607 posted

    Try fixing the return URL as suggested above.

     <form class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="@Url.Page("/Account/Logout", new { area = "Identity" })" method="post">
                <button  type="submit" class="nav-link btn btn-link text-dark">Logout</button>
     </form>	

    Monday, July 29, 2019 2:22 PM
  • User1457412228 posted

    It does not make it to the Logout page and I see this in the URL

    Index?__RequestVerificationToken=CfDJ8LIpOr2PXLxHlLb3LA1XWAjKnJurF-wcsfDsW7PwxoEjgZvXZW9iOgPjQqzbBB8FSFULNnDsYXkXhu_reFYLHOJdJSGQXisg29ROUsrx2BQGhhhxvh-Dx1sZbnZhOSXvkdMelz6j_0yB1TaePB7M3xJDu_fcps7j3jcS...

    Monday, July 29, 2019 3:09 PM
  • User475983607 posted

    It does not make it to the Logout page and I see this in the URL

    Index?__RequestVerificationToken=CfDJ8LIpOr2PXLxHlLb3LA1XWAjKnJurF-wcsfDsW7PwxoEjgZvXZW9iOgPjQqzbBB8FSFULNnDsYXkXhu_reFYLHOJdJSGQXisg29ROUsrx2BQGhhhxvh-Dx1sZbnZhOSXvkdMelz6j_0yB1TaePB7M3xJDu_fcps7j3jcS...

    I cannot reproduce this issue when scaffolding Identity in ASP.NET Core 2.2.  Is this an ASP.NET 2.0 template that you've converted to ASP.NET 2.2?

    Monday, July 29, 2019 3:35 PM
  • User1457412228 posted

    It appears it is something like that, though I did start out with 2.2.

    I will try deleting the page and running the scaffolding again Wednesday.

    Thanks

    Tuesday, July 30, 2019 2:53 AM
  • User-2054057000 posted

    Why isn't the logout page being called is my question.

    (edit:  I just discovered that if I replace the form with an <a href= ... it works as expected.)

    This happens because you forgot (most likely) to create the HTTP POST version of the action method in your code. When you add link then HTTP GET version gets called and you already have the Get version of the action in your controller.

    It should be:

    [HttpPost]
    public async Task<IActionResult> OnPost(string returnUrl = null)
            {
                await _signInManager.SignOutAsync();
                _logger.LogInformation("User logged out.");
                if (returnUrl != null)
                {
                    return LocalRedirect(returnUrl);
                }
                else
                {
                    return Page();
                }
            }

    Tuesday, July 30, 2019 5:23 AM
  • User1457412228 posted

    I am using Razor pages.  They automatically handle the post get portion by the method naming, which I guess is what is meant by "convention".  

    I tried your suggestion just to see and the message says "Warning:  HttpPost cannot be applied to Razor Page Handler Methods. Routes for Razor Pages must be declared using the @Page directive or using conventions."

    I suspect when I regenerate the scaffold pages that will fix it, but don't have time to try.

    Tuesday, July 30, 2019 3:09 PM