Logout Action with Asp.Net Core Cookie Authentication

Question

I have implemented authentication in Asp.Net Core 2.2 like this:

public async Task<IActionResult> LoginAsync(string user, string password)
    {
        if (user == "admin" && password == "admin")
        {
            var claims = new[] { new Claim(ClaimTypes.Name, user),
            new Claim(ClaimTypes.Role, "Admin") };

            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));

            return RedirectToAction("Index", "Home");
        {
        else
        {
            return RedirectToAction("Login", "Users");
        }

I need to make a Logout action now. I used to achieve this in Asp.Net MVC with FormsAuthentication.SignOut()... I need to know the proper way to do it in Asp.Net Core 2.2

What I've tried is to make a Logout action like this:

    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync();
        return RedirectToAction("Index","Home");
    }

And used the following code in my NavBar:

@if (User.Identity.IsAuthenticated)
            {
                using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
                {
                    @Html.AntiForgeryToken()

                    <ul class="nav navbar-nav navbar-right">
                        <li>
                            @Html.ActionLink("Hello " + User.Identity.Name + "!", "Index", "Manage", routeValues: null, htmlAttributes: new { title = "Manage" })
                        </li>
                        <li class="nav-item">
                            <form class="form-inline" asp-area="Identity" asp-page="/Users/Logout" asp-route-returnUrl="@Url.Action("Index", "Home", new { area = "" })">
                                <button type="submit" class="nav-link btn btn-link text-dark">Logout</button>
                            </form>
                        </li>
                    </ul>
                }
            }
            else
            {
                <ul class="nav navbar-nav navbar-right">
                    <li>@Html.ActionLink("Register", "Register", "Account", routeValues: null, htmlAttributes: new { id = "registerLink" })</li>
                    <li>@Html.ActionLink("Log in", "Login", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
                </ul>
            }

Following instructions from this documentaion

This correctly shows the Logout button, but pressing the button doesn't seem to trigger my action, and the user is not logged out.

Answer 1

Turns out I was simply making a mistake in my View. I was calling the wrong action in my form.

using (Html.BeginForm(" LogOff ", " Account ", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))

Should've been, Html.BeginForm("Logout","Users", ...)

Also, my form was sending a Post request, so my action had to be decorated with [HttpPost] , like this:

[HttpPost]
public async Task<IActionResult> Logout()
{
    await HttpContext.SignOutAsync();
    return RedirectToAction("Index","Home");
}