LogoutWithCredentials web service method doesn't work
Steps I am using:
1. From my client: verify that I am calling the web service with the correct credentials by passing them to AuthenticateUser (~/Services/Security/Users.svc//Authenticate)
2. From my client: logout the current user (~/Services/Security/Users.svc//Logout)
3. In web browser: login to SiteFinity backend using same credentials as my client
4. From my client: try to login with same credentials as before, receive expected UserAlreadyLoggedIn result
5. From my client: try to log the web browser out by calling LogoutWithCredentials (~/Services/Security/Users.svc//LogoutCredentials), passing exactly the same credentials that I used in step 1 to successfully log in
6. The body returns "true", but the web browser user is still logged in, verified by the following:
a. if I call AuthenticateUser from the client again, I still get UserAlreadyLoggedIn
b. if I click around in the web browser, I can navigate to other pages and am not notified that I have been logged out.
Why isn't LogoutWithCredentials working? How can I force the web user to logout so I can login?
Thanks,
Adam
Hello Adam Anderson,
There is a method LogoutCredentials that you can try using when you invoke the web call to Users.svc
Best wishes,
Ivan Dimitrov
the Telerik team
Test
Yes, I know the method is ~Services\Security\Users.svc\LogoutCredentials and not LogoutWithCredentials. I used the name LogoutWithCredentials because that is what the service help page calls it, but you will notice that I also mentioned the correct URL. The problem isn't what method to call. The problem is that when I call the method, it does not appear to do anything, and I listed ways that I verified that the method does not do anything. Please tell me if there is something special I need to do to call this method, or if you can duplicate the problem I'm reporting with the steps I provided. This is the JSON I am passing, with the correct password substitued: ""MembershipProvider":"","Password":"password","Persistent":true,"UserName":"admin""
Hi Adam ,
I suppose that you use WebRequest.Create to make a request to the service. We managed to replicate the issue locally and it happens when you are logged from the browser and then you are trying to force logout from the other application.
So this is the step 3 - 3. In web browser: login to SiteFinity backend using same credentials as my client.
The problem here is that principal is null on the next request because you cannot get the cookies.
Does this scenario worked before Sitefinity 4.1 SP1? It looks like that there is a regression between the latest and the older versions in this matter.
I will try to find some workaround, but will need more time for this.
Greetings,
Ivan Dimitrov
the Telerik team
Is there any more word on the workaround or solution to this?
Thanks,
Jonathan Tower
Falafel Software, Inc
Hello ,
We fixed the issue and its current status is ready for test. I hope that the fix will pass QA tests and we will be able to check in code changes for SP2 release ( scheduled for the next week).
Best wishes,
Ivan Dimitrov
the Telerik team
Thanks, Ivan. I'll check for it in the SP2 release.
Jonathan Tower
Falafel Software, Inc