FBA Logout issue


  • We have a parent .NET web application which has the role of Authentication. This parent application creates a cookie in the user's machine.

    We have created a custom login page which checks whether this cookie exists and, if so, lets the user proceed; otherwise it shows an access-denied page. We did this by overriding the membership provider.

    When a logout of the parent application is initiated, we also redirect to SharePoint's sign-out page at "/_layouts/Signout.aspx". We are assuming that SharePoint's own cookie should get destroyed by that.

    But when the user accesses a page directly afterwards, he is still logged in. Even when the user clicks Sign Out at the top right of SharePoint, he can still view the pages when they are accessed directly.

    Has anyone faced this issue before?

    Tuesday, May 28, 2013 8:06 AM

Answers

  • Hi Kannan,

    The code below clears the login cookies that SharePoint sets for FBA users; we have used it for a customer and it removes all of them from the browser. Note that we run it in the code-behind of a web part. Bear in mind that it removes the cookies from the responding browser and signs the current session out; it does not by itself revoke an authentication ticket that has already been copied elsewhere, so keep ticket lifetimes short.

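    /// <summary>
    /// Sign-out entry point for the web part: registers best-effort client-side
    /// clean-up scripts and then performs the server-side sign-out in
    /// <see cref="RemoveCookiesAndRedirect"/>.
    /// </summary>
    /// <param name="e">Standard load event arguments; only passed to the base class.</param>
    /// <remarks>
    /// The client scripts are a convenience, not a security control:
    /// <c>document.execCommand("ClearAuthenticationCache")</c> is an Internet Explorer
    /// specific command (hence the try/catch in the script) and <c>window.close()</c> is
    /// ignored by browsers for windows the script did not open. The authoritative sign-out
    /// is the server-side cookie/session/ticket work in RemoveCookiesAndRedirect.
    /// NOTE(review): that method redirects with SPRedirectFlags.Default, which presumably
    /// ends the response before the registered scripts are rendered — confirm whether the
    /// scripts are ever reached.
    /// </remarks>
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        ClientScriptManager clientScript = Page.ClientScript;

        // SharePoint ULS logging hook so this script is identifiable in trace output.
        const string ulsScript = "function ULSLogout(){var o=new Object;o.ULSTeamName=\"Microsoft SharePoint Foundation\";o.ULSFileName=\"LogOut.aspx\";return o;}";
        clientScript.RegisterClientScriptBlock(this.GetType(), "UlSLogout", ulsScript, true);

        // Defines _spBodyOnLoad, the body-onload hook SharePoint's master page invokes.
        const string closeBrowser = "function _spBodyOnLoad() {ULSLogout:; try { document.execCommand(\"ClearAuthenticationCache\"); } catch (e) { }\twindow.close(); }";
        clientScript.RegisterStartupScript(this.GetType(), "CloseBrowser", closeBrowser, true);

        // The original registered the invocation under the same (type, key) pair
        // "CloseBrowser" as the definition above. Without a ScriptManager on the page,
        // ScriptManager.RegisterStartupScript delegates to Page.ClientScript, where a
        // duplicate key is silently ignored and the call would never be emitted.
        // A distinct key makes the registration unambiguous.
        ScriptManager.RegisterStartupScript(this, this.GetType(), "CloseBrowserInvoke", "_spBodyOnLoad();", true);

        RemoveCookiesAndRedirect();
    }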
    
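    /// <summary>
    /// Server-side sign-out: discards the ASP.NET session, expires the SharePoint
    /// "keep authenticated" cookies, signs out of the configured authentication
    /// mechanism (claims or classic forms) and redirects the user.
    /// </summary>
    /// <remarks>
    /// Changes from the original: the session is abandoned (not only cleared) so the
    /// server-side state is discarded rather than left empty under the same session id,
    /// and the WSS_KeepSessionAuthenticated cookie is expired like WSS_KeepAuthenticated
    /// instead of merely being blanked.
    /// Limitation: this removes cookies from the responding browser and calls the
    /// framework SignOut methods; it does not revoke a forms/claims ticket that has
    /// already been copied elsewhere. NOTE(review): confirm the ticket lifetime and
    /// sliding-session settings are short enough for your threat model.
    /// </remarks>
    /// <exception cref="SPException">
    /// Thrown when the web application uses neither claims, forms nor Windows authentication.
    /// </exception>
    private void RemoveCookiesAndRedirect()
    {
        HttpContext context = this.Context;

        // Clear and abandon: Clear() alone leaves an empty but still-valid session behind.
        if (context.Session != null)
        {
            context.Session.Clear();
            context.Session.Abandon();
        }

        // Browsers that cannot store an empty cookie value get a placeholder instead.
        string clearedValue = context.Request.Browser[SupportsEmptyStringInCookieValue] == "false"
            ? "NoCookie"
            : string.Empty;

        // Overwrite each SharePoint keep-authenticated cookie that the request carried
        // with an empty value and a past expiry so the browser discards it.
        foreach (string cookieName in new[] { CookieWssKeepSessionAuthenticated, CookieWssKeepAuthenticated })
        {
            HttpCookie cookie = context.Request.Cookies[cookieName];
            if (cookie == null)
            {
                continue;
            }

            cookie.Value = clearedValue;
            cookie.Expires = new DateTime(1970, 1, 1);
            context.Response.Cookies.Remove(cookieName);
            context.Response.Cookies.Add(cookie);
        }

        SPIisSettings iisSettings = SPsite.WebApplication.GetIisSettingsWithFallback(SPsite.Zone);

        if (iisSettings.UseClaimsAuthentication)
        {
            // Removes the WIF session (FedAuth) cookie for this browser.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            int providerCount = 0;
            foreach (SPAuthenticationProvider provider in iisSettings.ClaimsAuthenticationProviders)
            {
                providerCount++;
            }

            // A zone whose only provider is Windows integrated auth has no FBA next step;
            // every other configuration goes to the configured post-logout page.
            if (providerCount != 1 || !iisSettings.UseWindowsIntegratedAuthentication)
            {
                SPUtility.Redirect(BaseWebpart.FBA_Next_Step, SPRedirectFlags.Default, context);
            }
        }
        else if (AuthenticationMode.Forms == SPSecurity.AuthenticationMode)
        {
            FormsAuthentication.SignOut();
            SPUtility.Redirect(BaseWebpart.FBA_Next_Step, SPRedirectFlags.Default, context);
        }
        else if (AuthenticationMode.Windows != SPSecurity.AuthenticationMode)
        {
            throw new SPException();
        }

        // NOTE(review): the redirects above presumably end the response
        // (SPRedirectFlags.Default), so this is likely reached only for Windows-mode
        // and Windows-only claims zones — confirm.
        SPUtility.Redirect("/_layouts/signout.aspx", SPRedirectFlags.DoNotEncodeUrl, context);
    }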

    Cheers,
    Vincent
    Wednesday, May 29, 2013 5:17 AM

All replies

  • Hi Kannan,

    The code below clears the login cookies that SharePoint sets for FBA users; we have used it for a customer and it removes all of them from the browser. Note that we run it in the code-behind of a web part. Bear in mind that it removes the cookies from the responding browser and signs the current session out; it does not by itself revoke an authentication ticket that has already been copied elsewhere, so keep ticket lifetimes short.

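    /// <summary>
    /// Sign-out entry point for the web part: registers best-effort client-side
    /// clean-up scripts and then performs the server-side sign-out in
    /// <see cref="RemoveCookiesAndRedirect"/>.
    /// </summary>
    /// <param name="e">Standard load event arguments; only passed to the base class.</param>
    /// <remarks>
    /// The client scripts are a convenience, not a security control:
    /// <c>document.execCommand("ClearAuthenticationCache")</c> is an Internet Explorer
    /// specific command (hence the try/catch in the script) and <c>window.close()</c> is
    /// ignored by browsers for windows the script did not open. The authoritative sign-out
    /// is the server-side cookie/session/ticket work in RemoveCookiesAndRedirect.
    /// NOTE(review): that method redirects with SPRedirectFlags.Default, which presumably
    /// ends the response before the registered scripts are rendered — confirm whether the
    /// scripts are ever reached.
    /// </remarks>
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        ClientScriptManager clientScript = Page.ClientScript;

        // SharePoint ULS logging hook so this script is identifiable in trace output.
        const string ulsScript = "function ULSLogout(){var o=new Object;o.ULSTeamName=\"Microsoft SharePoint Foundation\";o.ULSFileName=\"LogOut.aspx\";return o;}";
        clientScript.RegisterClientScriptBlock(this.GetType(), "UlSLogout", ulsScript, true);

        // Defines _spBodyOnLoad, the body-onload hook SharePoint's master page invokes.
        const string closeBrowser = "function _spBodyOnLoad() {ULSLogout:; try { document.execCommand(\"ClearAuthenticationCache\"); } catch (e) { }\twindow.close(); }";
        clientScript.RegisterStartupScript(this.GetType(), "CloseBrowser", closeBrowser, true);

        // The original registered the invocation under the same (type, key) pair
        // "CloseBrowser" as the definition above. Without a ScriptManager on the page,
        // ScriptManager.RegisterStartupScript delegates to Page.ClientScript, where a
        // duplicate key is silently ignored and the call would never be emitted.
        // A distinct key makes the registration unambiguous.
        ScriptManager.RegisterStartupScript(this, this.GetType(), "CloseBrowserInvoke", "_spBodyOnLoad();", true);

        RemoveCookiesAndRedirect();
    }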
    
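    /// <summary>
    /// Server-side sign-out: discards the ASP.NET session, expires the SharePoint
    /// "keep authenticated" cookies, signs out of the configured authentication
    /// mechanism (claims or classic forms) and redirects the user.
    /// </summary>
    /// <remarks>
    /// Changes from the original: the session is abandoned (not only cleared) so the
    /// server-side state is discarded rather than left empty under the same session id,
    /// and the WSS_KeepSessionAuthenticated cookie is expired like WSS_KeepAuthenticated
    /// instead of merely being blanked.
    /// Limitation: this removes cookies from the responding browser and calls the
    /// framework SignOut methods; it does not revoke a forms/claims ticket that has
    /// already been copied elsewhere. NOTE(review): confirm the ticket lifetime and
    /// sliding-session settings are short enough for your threat model.
    /// </remarks>
    /// <exception cref="SPException">
    /// Thrown when the web application uses neither claims, forms nor Windows authentication.
    /// </exception>
    private void RemoveCookiesAndRedirect()
    {
        HttpContext context = this.Context;

        // Clear and abandon: Clear() alone leaves an empty but still-valid session behind.
        if (context.Session != null)
        {
            context.Session.Clear();
            context.Session.Abandon();
        }

        // Browsers that cannot store an empty cookie value get a placeholder instead.
        string clearedValue = context.Request.Browser[SupportsEmptyStringInCookieValue] == "false"
            ? "NoCookie"
            : string.Empty;

        // Overwrite each SharePoint keep-authenticated cookie that the request carried
        // with an empty value and a past expiry so the browser discards it.
        foreach (string cookieName in new[] { CookieWssKeepSessionAuthenticated, CookieWssKeepAuthenticated })
        {
            HttpCookie cookie = context.Request.Cookies[cookieName];
            if (cookie == null)
            {
                continue;
            }

            cookie.Value = clearedValue;
            cookie.Expires = new DateTime(1970, 1, 1);
            context.Response.Cookies.Remove(cookieName);
            context.Response.Cookies.Add(cookie);
        }

        SPIisSettings iisSettings = SPsite.WebApplication.GetIisSettingsWithFallback(SPsite.Zone);

        if (iisSettings.UseClaimsAuthentication)
        {
            // Removes the WIF session (FedAuth) cookie for this browser.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            int providerCount = 0;
            foreach (SPAuthenticationProvider provider in iisSettings.ClaimsAuthenticationProviders)
            {
                providerCount++;
            }

            // A zone whose only provider is Windows integrated auth has no FBA next step;
            // every other configuration goes to the configured post-logout page.
            if (providerCount != 1 || !iisSettings.UseWindowsIntegratedAuthentication)
            {
                SPUtility.Redirect(BaseWebpart.FBA_Next_Step, SPRedirectFlags.Default, context);
            }
        }
        else if (AuthenticationMode.Forms == SPSecurity.AuthenticationMode)
        {
            FormsAuthentication.SignOut();
            SPUtility.Redirect(BaseWebpart.FBA_Next_Step, SPRedirectFlags.Default, context);
        }
        else if (AuthenticationMode.Windows != SPSecurity.AuthenticationMode)
        {
            throw new SPException();
        }

        // NOTE(review): the redirects above presumably end the response
        // (SPRedirectFlags.Default), so this is likely reached only for Windows-mode
        // and Windows-only claims zones — confirm.
        SPUtility.Redirect("/_layouts/signout.aspx", SPRedirectFlags.DoNotEncodeUrl, context);
    }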

    Cheers,
    Vincent
    Wednesday, May 29, 2013 5:17 AM
  • Do the role manager entries contain createPersistentCookie="false" in both the Central Admin and the web application web.config files? Or have you set the cookie to expire in the .NET application? It sounds like the cookie is persistent, so when SharePoint looks for an authentication token for the user it is still there.





    Ramona Maxwell MCPD SharePoint 2010, MCITP SQL Server 2008

    Wednesday, May 29, 2013 5:19 AM