Trouble signing out from ASP web app with Federation Services
Question
I'm trying to sign out from intranet application, which is also accessible from the internet with signing in using Active Directory Federation Services.
Firstly I just made a href to https://federation.mycompany.com/adfs/ls/?wa=wsignout1.0 . The federation page shows and displays a message: "You have been successfully signed out!" But if I go back, I can access the web app again without signing in again. I also tried to append a redirect parameter, so that the user would be prompted to insert credentials again. But the redirect does not happen.
Later on I created a Action in one of my controllers. Here is the code:
public ActionResult Logoff()
{
string absoluteUrl = HttpContext.Request.Url.AbsoluteUri;
string replyUrl = absoluteUrl.Substring(0, absoluteUrl.LastIndexOf("/")+1);
WSFederationAuthenticationModule.FederatedSignOut(new Uri(@"https://federation.mycompany.com/adfs/ls/?wa=wsignout1.0"), new Uri(replyUrl));
return null;
}
But the problem is the same.
The third thing I tried was to delete cookies before signing out. But it seems that authentication cookie is under domain and not my app, so it is not accessible.
How do I solve this Sign out issue?
Please help.
1 answers
solution1
0 ACCPTED 2019-03-27 10:15:10
I am only assuming but I suspect that your ADFS is configured for windows authentication while your application has the Login button.
If this is the case then you can't really log out from already authenticated ADFS and it happily reissues the token upon the next request from the application. You can't do anything about it since the authentication is performed with MTML/Kerberos and this is the browser that keeps your credentials until you close it.
The solution would be to change ADFS to Forms mode and see if it helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.