Identity Framework

Ronald Rex 1,666 Reputation points
2021-10-01T21:36:13.86+00:00

What's the best practice for logging out if you are using Basic Authentication? I read this... What you have to do is have the user click a logout link, and send a ‘401 Unauthorized’ in response, using the same realm and at the same URL folder level as the normal 401 you send requesting a login. But I need some clarity about how to code this, if someone could help. Thanks!!!


Accepted answer
  1. Zhi Lv - MSFT 32,016 Reputation points Microsoft Vendor
    2021-10-04T05:05:36.267+00:00

    Hi @Ronald Rex ,

    In an ASP.NET Core application, if you are using ASP.NET Core Identity, you can use Scaffold Identity to generate the Logout page.

    After that you can find the Logout view page from the "Areas/Identity/Account/" folder. Then, in the _LoginPartial.cshtml partial view, you can add the following code:

    @using Microsoft.AspNetCore.Identity  
    @using CustomIndetitySample.Data  
      
    @inject SignInManager<ApplicationUser> SignInManager  
    @inject UserManager<ApplicationUser> UserManager  
      
    <ul class="navbar-nav">  
    @if (SignInManager.IsSignedIn(User))  
    {  
        <li class="nav-item">  
            <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Manage/Index" title="Manage">Hello @User.Identity.Name!</a>
        </li>  
        <li class="nav-item">  
            <form class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="@Url.Action("Index", "Home", new { area = "" })">
                <button type="submit" class="nav-link btn btn-link text-dark">Logout</button>
            </form>  
        </li>  
    }  
    else  
    {  
        <li class="nav-item">  
            <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Register">Register</a>  
        </li>  
        <li class="nav-item">  
            <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Login">Login</a>  
        </li>  
    }  
    </ul>  
    

    After the user clicks the Logout link, it will redirect to the Logout action method with the returnUrl: "/Home"

    In the Logout.cshtml.cs file, it will use the _signInManager.SignOutAsync() method to log out, and then redirect to the Home Index page (which is public).

        public async Task<IActionResult> OnPost(string returnUrl = null)  
        {  
            await _signInManager.SignOutAsync();  
            _logger.LogInformation("User logged out.");  
            if (returnUrl != null)  
            {  
                return LocalRedirect(returnUrl);  
            }  
            else  
            {  
                return RedirectToPage();  
            }  
        }  
    

    If you set the redirect url to a protected page, it will redirect to the login page.

    For more detailed information, you can check the official document and the sample.



    Best regards,
    Dillion


1 additional answer

  1. Bruce (SqlWork.com) 56,846 Reputation points
    2021-10-02T15:33:07.327+00:00

    What is your goal? You can force the browser to ask for credentials again by responding with a 401 to a request with credentials. You need to be careful or you will get in a loop.
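
The Basic Authentication logout described in the question and in the answer above, as an added ASP.NET Core minimal API example that is not code from either poster: `/logout` answers 401 with the same realm once, then accepts the retry so the prompt does not loop. The realm `Demo`, the `basic-logout` cookie and the hard-coded credential are assumptions for illustration, and it relies on the browser dropping its cached credentials after the 401 as the thread describes.

```csharp
// Added example, not code from the thread. Realm, cookie name and the single
// hard-coded credential are assumptions for illustration; run it over HTTPS.
using System.Security.Cryptography;
using System.Text;

const string Challenge = "Basic realm=\"Demo\"";  // identical for login and logout
const string Marker = "basic-logout";              // hypothetical one-shot cookie
var expected = Encoding.UTF8.GetBytes("demo:constructed-password");
var markerOptions = new CookieOptions
    { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict, Path = "/" };

var app = WebApplication.CreateBuilder(args).Build();

bool HasValidCredentials(HttpRequest request)
{
    var header = request.Headers["Authorization"].ToString();
    if (!header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return false;
    try { return CryptographicOperations.FixedTimeEquals(
              Convert.FromBase64String(header["Basic ".Length..].Trim()), expected); }
    catch (FormatException) { return false; }  // malformed base64 is a failed login
}

IResult Unauthorized(HttpContext ctx)
{
    ctx.Response.Headers["WWW-Authenticate"] = Challenge;
    return Results.StatusCode(StatusCodes.Status401Unauthorized);
}

app.MapGet("/", (HttpContext ctx) =>
{
    if (!HasValidCredentials(ctx.Request)) return Unauthorized(ctx);
    ctx.Response.Cookies.Delete(Marker, markerOptions);  // drop a stale marker
    return Results.Text("Signed in.");
});
app.MapGet("/logout", (HttpContext ctx) =>
{
    // Retry that follows the prompt: the marker proves the 401 was already sent,
    // so accept the fresh credentials instead of challenging forever.
    if (ctx.Request.Cookies.ContainsKey(Marker) && HasValidCredentials(ctx.Request))
    {
        ctx.Response.Cookies.Delete(Marker, markerOptions);
        return Results.Redirect("/");
    }
    // First hit: reject the cached credentials once and remember that we did.
    ctx.Response.Cookies.Append(Marker, "1", markerOptions);
    return Unauthorized(ctx);
});
app.Run();
```

If the user cancels the prompt, the browser shows the 401 response and the marker stays set until the next successful request to `/` clears it.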