+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / User stays logged in. Can't force logout.

User stays logged in. Can't force logout.

9 posts, 0 answered
  1. Ryan Dailey
    Ryan Dailey avatar
    41 posts
    Registered:
    08 Mar 2010
    17 May 2011
    Link to this post
    I am trying to programmatically login the user.  I am using Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser to login.  However, when I use it, the user stays logged in, and it won't allow me to force a logout.  Here is my code.

    01.protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    02.    {
    03.        UserManager usrMngr = UserManager.GetManager();
    04.        RoleManager roleMngr = RoleManager.GetManager("Default");
    05.  
    06.        usrMngr.Provider.SuppressSecurityChecks = true;
    07.        roleMngr.Provider.SuppressSecurityChecks = true;
    08.  
    09.        DateTime now = DateTime.UtcNow;
    10.        string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
    11.  
    12.        User user;
    13.        user = usrMngr.GetUser(Login1.UserName);
    14.        if (user != null)
    15.        {
    16.            user.IsLoggedIn = false;
    17.            usrMngr.SaveChanges();
    18.        }
    19.  
    20.        Credentials credentials = new Credentials();
    21.        credentials.UserName = Login1.UserName;
    22.        credentials.Password = Login1.Password;
    23.        credentials.Persistent = Login1.RememberMeSet;
    24.        credentials.MembershipProvider = "Default";
    25.        UserLoggingReason reason = SecurityManager.AuthenticateUser(credentials);
    26.        if (reason.ToString() == "UserAlreadyLoggedIn")
    27.        {
    28.            SecurityManager.Logout("Default", Login1.UserName, credentials);
    29.            reason = SecurityManager.AuthenticateUser(credentials);
    30.  
    31.        }
    32.        if (reason.ToString() == "Success")
    33.        {
    34.            e.Authenticated = true;
    35.        }
    36.        else
    37.        {
    38.        }
    39.    }
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    18 May 2011
    Link to this post
    Hi Ryan,

    Have you logged in the user from the browser by typing the name and password inside LoginForm before you execute the code? We found an issue in this scenario and we are trying to come up with a solution. We were able to replicate this issue only when you use the browser to authenticate a user. Also, from where you are executing this code - the same application (user/custom control) or you make request from another application?

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Ryan Dailey
    Ryan Dailey avatar
    41 posts
    Registered:
    08 Mar 2010
    19 May 2011
    Link to this post
    Like I said, it works the first time.  But when you close the browser and come back, it tells me that the user is already logged in.

    I'm guessing you are asking me if the LoginForm logged in the user before executing the code.  From what I can tell, it did not.  I am actually using the System.Web.UI.WebControls.Login control.  This code is inside the same application.
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    24 May 2011
    Link to this post
    Hello Ryan,

    The issue has been logged and assigned to one of our dev scrums for fixing this week. I will update you if we manage to sort it out.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Kalisha
    Kalisha avatar
    5 posts
    Registered:
    27 Jun 2011
    31 Oct 2011
    Link to this post
    Ivan,

    Was this resolved? If so how do we force logout?
  6. Stanislav Velikov
    Stanislav Velikov avatar
    1113 posts
    Registered:
    08 Dec 2016
    03 Nov 2011
    Link to this post
    Hi Kalisha,

    The issue with loging user out is resolved. To logout a user programatically delete the cookie which keeps its login information.
    SecurityManager.Logout();
                 SecurityManager.DeleteAuthCookies();
    Calling this on a button click or with other logic applied logs out the current user.

    Kind regards,
    Stanislav Velikov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Basem
    Basem avatar
    131 posts
    Registered:
    22 Dec 2010
    08 Aug 2012
    Link to this post
    I am experiencing this same issue. Is there a way to call Security.DeleteAuthCookies() for another user? I am trying to allow admins to programmatically logout other users using SecurityManager.Logout(user.ProviderName, userId);
  8. Basem
    Basem avatar
    131 posts
    Registered:
    22 Dec 2010
    08 Aug 2012
    Link to this post
    {double posted}
  9. Stephen2
    Stephen2 avatar
    94 posts
    Registered:
    05 Feb 2012
    26 Mar 2013
    Link to this post
    I'm browsing for something else, and in case anyone finds this useful, I've had success only by using:
    Credentials credential = new Credentials() {
        MembershipProvider = "Default",
        UserName = "myUser",
        Password = "myPass",
        Persistent = false
    };
     
    SecurityManager.Logout(credential);
9 posts, 0 answered