Where are my credentials being stored?

Question

Seeing a strange issue where I am unable to log out of my account in the web app I'm building.

My authentication setup looks like this

Program.cs

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
    .UseStartup<Startup>()
    .UseHttpSys(options =>
    {
        options.Authentication.Schemes =
            AuthenticationSchemes.NTLM | AuthenticationSchemes.Negotiate;
        options.Authentication.AllowAnonymous = false;
    })   
    .Build();

Startup.cs (in ConfigureServices)

services.AddAuthentication(
    Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme);

When I debug the application, it somehow always logs me in using the account Bassie123, but I want to change it to Bassie.

launchSettings.json

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:55680/",
      "sslPort": 0
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

I cleared all my cookies, tried opening it in a private browsing window, and even republished the application to ISS, but still my credentials for Bassie123 are being stored somewhere.

I know I could implement a logout method and call that, but this question is more about where the data is stored that is causing the account to persist.

Answer 1

So it turns out the credentials were being stored in the winows Credential Manager.

They were sitting under Windows Credentials -> http://addressofwebapp:3000

After deleting the Bassie123 credentials from there, the app now automatically logs me in as Bassie