views:

902

answers:

2

Here is My Code To Log In

 var expire = DateTime.Now.AddDays(7);
        // Create a new ticket used for authentication
        var ticket = new FormsAuthenticationTicket(
        1, // Ticket version
        username, // Username to be associated with this ticket
        DateTime.Now, // Date/time issued
        expire, // Date/time to expire
        true, // "true" for a persistent user cookie (could be a checkbox on form)
        roles, // User-data (the roles from this user record in our database)
        FormsAuthentication.FormsCookiePath); // Path cookie is valid for

        // Hash the cookie for transport over the wire
        var hash = FormsAuthentication.Encrypt(ticket);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash) { Expires = expire };

        // Add the cookie to the list for outbound response
        Response.Cookies.Add(cookie);


Here Is My Code To Check The Roles. It is a custom IHTTP Module

 if (HttpContext.Current.User == null) return;
        if (!HttpContext.Current.User.Identity.IsAuthenticated) return;
        if (!(HttpContext.Current.User.Identity is FormsIdentity)) return;

        // Get Forms Identity From Current User
        var id = (FormsIdentity)HttpContext.Current.User.Identity;
        // Get Forms Ticket From Identity object
        var ticket = id.Ticket;
        // Retrieve stored user-data (our roles from db)
        var userData = ticket.UserData;
        var roles = userData.Split(',');
        // Create a new Generic Principal Instance and assign to Current User
        Thread.CurrentPrincipal = HttpContext.Current.User = new GenericPrincipal(id, roles);


Here is my Code To Log Out

FormsAuthentication.SignOut();
        Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
        Session.Clear(); 
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
        Response.Cache.SetNoStore();
        Response.AppendHeader("Pragma", "no-cache");
        return View("SignIn");


This is crazy. I have two bald spots now.

A: 

1) shouldn't your call to Response.Cookies.Remove(FormsAuthentication.FormsCookieName); be Response.Cookies.Remove(whatever-the-user-name-is);?

2) try sending an expired cookie back to the browser.

FormsAuthentication.SignOut();

// replace with username if this is the wrong cookie name
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Session.Clear(); 
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
Response.Cache.SetNoStore();
Response.AppendHeader("Pragma", "no-cache");

// send an expired cookie back to the browser
var ticketExpiration    = DateTime.Now.AddDays(-7);
var ticket              = new FormsAuthenticationTicket(
    1, 
    // replace with username if this is the wrong cookie name
    FormsAuthentication.FormsCookieName, 
    DateTime.Now, 
    ticketExpiration, 
    false, 
    String.Empty);
var cookie              = new System.Web.HttpCookie("user")
{
    Expires             = ticketExpiration,
    Value               = FormsAuthentication.Encrypt(ticket),
    HttpOnly            = true
};

Response.Cookies.Add(cookie);

return View("SignIn");
Jared
Thanks for the try dude. It is still a no go. I have three bald spots now. Response.Cookies.Clear(); does not either.For fun, (yes this is fun), I set the cookie to expire ON LOGIN, this worked, however is completely useless as a solution.
ILoveYou
Simply put, something is seriously wrong. I do not know what (or where). However I resolved the problem in part by adding your expired cookie.
ILoveYou
Well I'm glad you fixed it! can you post the code you ended up using? I'm curious to see what you had to do to get it working
Jared
A: 

You can not directly delete a cookie on a client's computer. When you calls the Cookies.Remove method the cookie is deleted on a server side. To delete the cookie on a client's side it's necessary to set the cookie's expiration date to a past date.

HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
     cookie.Expires = DateTime.Now.AddDays(-1);
     HttpContext.Current.Response.Cookies.Add(cookie);
}

I hope this helps you.

Evgeny Shmanev