ASP.net identity – external login – won’t log out

by

In my application, all my authentication happens with Google – ie – all my users are Google Accounts.

I don’t need users to need to register in my app, just sign in using a Google account. However, I do want to manage Roles for the users with ASP.net Identity (I think)

With that in mind, on successful external authentication, I create an ASP.net Identity user (if one doesn’t exist)

So, I’ve got my ExternalLoginCallback as follows:

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var authenticationManager = Request.GetOwinContext().Authentication;

        var loginInfo = await authenticationManager.GetExternalLoginInfoAsync();

        //successfully authenticated with google, so sign them in to our app
        var id = new ClaimsIdentity(loginInfo.ExternalIdentity.Claims, DefaultAuthenticationTypes.ApplicationCookie);
        authenticationManager.SignIn(id);

        //Now we need to see if the user exists in our database
        var user = UserManager.FindByName(loginInfo.Email);

        if (user == null)
        {
            //user doesn't exist, so the user needs to be created
            user = new ApplicationUser { UserName = loginInfo.Email, Email = loginInfo.Email };

            await UserManager.CreateAsync(user);

            //add the google login to the newly created user
            await UserManager.AddLoginAsync(user.Id, loginInfo.Login);
        }

        return RedirectToLocal(returnUrl);
    }

Idea being, I can now manage users, add roles, check if users are in roles, etc….

Firstly, is this a sensible approach? Or have I over complicated it?

One issue I’m having, however, is with logging out of my application

My Logout action looks like:

public ActionResult LogOut()
{
    HttpContext.GetOwinContext().Authentication.SignOut();

    return RedirectToAction("Index", "Home");
}

My Index action is decorated with the [Authorize] attribute –
However, when I ‘logout’ – it redirects to Home.Index – but I still seem to be logged in?

Contents hide
Answers:
Method 1
Method 2

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

According to this ASPNet Identity Work Item, this is by design, and you need to call directly to Google’s API in order to log the user out.

Method 2

completing the post Logout link with return URL (OAuth)
Here is a solution that work for me : 

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
        AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
        return Redirect("https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://[url-of-your-site]");
    }


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x