User stays logged in. Can't force logout.
I am trying to programmatically login the user. I am using Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser to login. However, when I use it, the user stays logged in, and it won't allow me to force a logout. Here is my code.
01.
protected
void
Login1_Authenticate(
object
sender, AuthenticateEventArgs e)
02.
03.
UserManager usrMngr = UserManager.GetManager();
04.
RoleManager roleMngr = RoleManager.GetManager(
"Default"
);
05.
06.
usrMngr.Provider.SuppressSecurityChecks =
true
;
07.
roleMngr.Provider.SuppressSecurityChecks =
true
;
08.
09.
DateTime now = DateTime.UtcNow;
10.
string
ip = System.Web.HttpContext.Current.Request.UserHostAddress;
11.
12.
User user;
13.
user = usrMngr.GetUser(Login1.UserName);
14.
if
(user !=
null
)
15.
16.
user.IsLoggedIn =
false
;
17.
usrMngr.SaveChanges();
18.
19.
20.
Credentials credentials =
new
Credentials();
21.
credentials.UserName = Login1.UserName;
22.
credentials.Password = Login1.Password;
23.
credentials.Persistent = Login1.RememberMeSet;
24.
credentials.MembershipProvider =
"Default"
;
25.
UserLoggingReason reason = SecurityManager.AuthenticateUser(credentials);
26.
if
(reason.ToString() ==
"UserAlreadyLoggedIn"
)
27.
28.
SecurityManager.Logout(
"Default"
, Login1.UserName, credentials);
29.
reason = SecurityManager.AuthenticateUser(credentials);
30.
31.
32.
if
(reason.ToString() ==
"Success"
)
33.
34.
e.Authenticated =
true
;
35.
36.
else
37.
38.
39.
Hi Ryan,
Have you logged in the user from the browser by typing the name and password inside LoginForm before you execute the code? We found an issue in this scenario and we are trying to come up with a solution. We were able to replicate this issue only when you use the browser to authenticate a user. Also, from where you are executing this code - the same application (user/custom control) or you make request from another application?
All the best,
Ivan Dimitrov
the Telerik team
Like I said, it works the first time. But when you close the browser and come back, it tells me that the user is already logged in.
I'm guessing you are asking me if the LoginForm logged in the user before executing the code. From what I can tell, it did not. I am actually using the System.Web.UI.WebControls.Login control. This code is inside the same application.
Hello Ryan,
The issue has been logged and assigned to one of our dev scrums for fixing this week. I will update you if we manage to sort it out.
Kind regards,
Ivan Dimitrov
the Telerik team
Ivan,
Was this resolved? If so how do we force logout?
Hi Kalisha,
The issue with loging user out is resolved. To logout a user programatically delete the cookie which keeps its login information.
SecurityManager.Logout();
SecurityManager.DeleteAuthCookies();
I am experiencing this same issue. Is there a way to call Security.DeleteAuthCookies() for another user? I am trying to allow admins to programmatically logout other users using SecurityManager.Logout(user.ProviderName, userId);
double posted
I'm browsing for something else, and in case anyone finds this useful, I've had success only by using:
Credentials credential =
new
Credentials()
MembershipProvider =
"Default"
,
UserName =
"myUser"
,
Password =
"myPass"
,
Persistent =
false
;
SecurityManager.Logout(credential);