+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Programmatically Logging User Out of Existing Session

Programmatically Logging User Out of Existing Session

11 posts, 0 answered
  1. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    25 Nov 2011
    Link to this post
    Hi,

    We made a login box where people enter their username/pwd and then when they click go we log them in programmatically.

    Here is the code we use:  
    SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);

    It works great, except for in one circumstance, and that is when that user is already logged in from another browser or another computer.

    If you do this via the UI,  you received the following warning:
    Someone is already using this username and password from another computer or browser. 
    To proceed, you need to log him/her off.


    If you click "Log the other user off and enter", it logs them off the other browser and logs them in to this browser.

    We would like to do the same thing, but all in code.  If they use our login window, we want to execute whatever code comes after the above warning.  We want them logged out of any other location and logged in on this browser/session.

    What code do we need to add that will make it so they get logged out of other locations?

    Ben
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    02 Dec 2016
    30 Nov 2011
    Link to this post
    Hello Ben Alexandra,

    Can you please try using the Logout() method of SecurityManager without passing any arguments. It should log the current user out. If any problems persist, please let us know.

    Greetings,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    30 Nov 2011
    Link to this post
    That will NOT do.  That is only if the user user is logged in ON that computer, but as you know, your security stores the login information in the database.

    Here's a scenario.  I login at home on one browser.  Then go to work and try to log in with the same user/password.  Your control sees I didn't logout at home and asks if I want the program to log my home account out. I say yes and then I'm logged in.

    I need to be able to do that same thing via code.  If you read my post, that's what I'm trying to do.  I am trying to automatically log out ALL other times they are logged in.
    I am NOT logged in on the browser at work.

    Bottom line, I am trying to make my own login form that has the same behavior as your login form, but does the second step programmatically (where it just logs out other sessions).

    If this isn't possible, can you please tell me how to include your login control in a template (what is the code to add the usercontrol to a .master page, and how do I add a custom template so I can style it.  I only want to do this if this isn't possible as I already have the whole thing working how I want, except my control doesn't work if they are logged in on a different browser

    Thanks and please reply ASAP.  This was posted 5 days ago

  4. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    02 Dec 2011
    Link to this post
    I really need an answer to this.  It's been almost a week and we are trying to launch this site

    Thanks

    Ben
  5. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    02 Dec 2011
    Link to this post
    I don't know why I am not getting a reply on this.  I REALLY need an answer.  It's been over a week and we are trying to launch this site

    Thanks

    Ben
  6. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    02 Dec 2016
    02 Dec 2011
    Link to this post
    Hi Ben Alexandra,

    The Sitefinity security  public widgets can be found in the namespace Telerik.Sitefinity.Security.Web.UI, so my registering a tag prefix like:
    <%@ Register Namespace="Telerik.Sitefinity.Security.Web.UI" Assembly="Telerik.Sitefinity" TagPrefix="sfSecPublic" %>
    you'll be able to use the LoginForm or LogoutForm widgets that we have out of the box.
    The LoginForm has a public property LayoutTemplatePath, that can be specified int he control declaration in the markup like this:
    <sfLogout:LoginForm LayoutTemplatePath="~/MyTemplate.ascx" runat="server" ID="Test"></sfLogout:LoginForm>

    Also, please find below the implementation of the LogoutCommand of our LogoutForm Logout button:
    private static void DoLogout(string navigateUrl)
           {
               SecurityManager.Logout();
     
               var context = SystemManager.CurrentHttpContext;
               if (String.IsNullOrEmpty(navigateUrl))
                   navigateUrl = context.Request.Path;
     
               if (!RouteHelper.IsAbsoluteUrl(navigateUrl))
               {
                   context.Response.Redirect(navigateUrl, true);
               }
           }


    Regards,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. DaColonel
    DaColonel avatar
    3 posts
    Registered:
    23 Nov 2011
    02 Dec 2011
    Link to this post
    Guys, this is not what Ben is asking.  Look, he is trying MANUALLY login a user in a code behind.  Before, this was easy because Sitefinity played-along nicely with the MS MemerbershipProvider:  Membership.AuthenticateUser(username, password).   In Sitefinity 4, you must use SecurityManager.AuthenticeUser(provider, username, password, persist).  Well, when you call that method sometimes you get back a result of UserLoggingReason.UserAlreadyLoggedIn.  When this result is returned, he needs to be able to logout the OTHER USER which is causing this result, and LOG IN the user making the login request.  Here is code as an example:

    var username = login.UserName;
    var password = login.Password;

    var result = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);
    if (result != UserLoggingReason.Success)
    {
    if (result == UserLoggingReason.UserAlreadyLoggedIn)
    {
    ====> THE CODE AFTER THIS DOES NOT WORK. WHAT TO DO?
    SecurityManager.DeleteAuthCookies();
    result = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);
    }
    }
  8. DaColonel
    DaColonel avatar
    3 posts
    Registered:
    23 Nov 2011
    02 Dec 2011
    Link to this post
    Here is a simpler way to look at it:

    What method do you guys call when the user clicks "Logout the other user and Log Me in" on your Login control?  That is precisely what Ben needs.
  9. man
    man avatar
    6 posts
    Registered:
    21 Jun 2012
    12 Dec 2011
    Link to this post

    hi,

    same problem for me too.. can you suggest me the carry out for the login page....
  10. Sean
    Sean avatar
    1 posts
    Registered:
    31 May 2011
    04 Jan 2012
    Link to this post

    Logging out another user requires an authenticated account (SuppressSecurityChecks doesn't do the trick) so I created an admin account that only the system will use, then use it to force log out on the user

    UserManager userManager = UserManager.GetManager();
    // Log in to the admin user account
    SecurityManager.AuthenticateUser(new Credentials() { UserName = "adminUserName", Password = "adminPassword" });
    // Log out the specified user
    User alreadyLoggedInUser = userManager.GetUser("userName");
    SecurityManager.Logout("Default", alreadyLoggedInUser.Id);
    alreadyLoggedInUser.IsLoggedIn = false;
    userManager.SaveChanges();
    // Log out the admin
    SecurityManager.Logout();

  11. Xian
    Xian avatar
    18 posts
    Registered:
    03 Oct 2014
    11 Jan 2015
    Link to this post

    This is an old post, but thought it was helpful to save anyone else looking.  Sitefinity has added a feature to automatically logout other sessions, which is essentially what's trying to be accomplished.

     http://docs.sitefinity.com/administration-configure-the-self-logout-dialog-recurrence

    It would be really nice to be able to do this programmatically per instance, in case you wanted to handle certain situations different.  Sitefinity currently does this when logging into the Dashboard (you're always prompted, regardless of that setting).  Otherwise, this works like a charm when trying to implement STS.

     

11 posts, 0 answered