Reputation: 26217
ASP.NET/IIS: Log out all users
In an ASP.NET 3.5 application running on IIS, how do I force a "deauthentication" of all currently logged-in and authenticated users?
iisreset didn't seem to do the trick!
Upvotes: 4
Views: 5004
Answers (2)
Reputation: 26956
ASP.NET authentication is designed to be resilient to an IISReset due to its use of cookies - performing an IISReset will clear any in-memory information, but the next time a user asks for a page on your site, they will send their authentication token, which (if it hasn't timed out) will still be valid, and the server will re-authenticate them.
You could write something that would effectively log out the user after a restart, by (for example) storing the application start time in a global variable in Application_Start, and then comparing the users LastActivityDate with that value - if it's before the start time, then you can call the appropriate sign-out method during Application_SessionStart or Application_BeginRequest.
Upvotes: 5
Reputation: 1442
Changing the authentication form name will then require new authentication from all users.
From:
<authentication mode="Forms">
<forms name="originalName" loginUrl="~/Account/Login" />
</authentication>
To:
<authentication mode="Forms">
<forms name="differentName" loginUrl="~/Account/Login" />
</authentication>
Upvotes: 7
Related Questions
- ASP.NET Windows Authentication logout
- ASP.NET how to logout user all session when password is reset/change
- ASP.NET Windows Authentication - Logging Off
- Programmatically logout an ASP.NET user
- how to logout the user from my asp.net application?
- ASP.Net Identity sign-out all sessions
- How to properly sign out user
- log out user in Global.asax
- Logoff button IIS6 ASP.NET Basic Authentication
- asp.net logout authentication how to code?