CODEWITHSUNDEEP
c#asp.netasp.net-core
Cristopher Rosales
Cristopher Rosales

Reputation: 476

Logout Action with Asp.Net Core Cookie Authentication

I have implemented authentication in Asp.Net Core 2.2 like this:

public async Task<IActionResult> LoginAsync(string user, string password)
    {
        if (user == "admin" && password == "admin")
        {
            var claims = new[] { new Claim(ClaimTypes.Name, user),
            new Claim(ClaimTypes.Role, "Admin") };

            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));

            return RedirectToAction("Index", "Home");
        {
        else
        {
            return RedirectToAction("Login", "Users");
        }

I need to make a Logout action now. I used to achieve this in Asp.Net MVC with FormsAuthentication.SignOut()... I need to know the proper way to do it in Asp.Net Core 2.2

What I've tried is to make a Logout action like this:

    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync();
        return RedirectToAction("Index","Home");
    }

And used the following code in my NavBar:

@if (User.Identity.IsAuthenticated)
            {
                using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
                {
                    @Html.AntiForgeryToken()

                    <ul class="nav navbar-nav navbar-right">
                        <li>
                            @Html.ActionLink("Hello " + User.Identity.Name + "!", "Index", "Manage", routeValues: null, htmlAttributes: new { title = "Manage" })
                        </li>
                        <li class="nav-item">
                            <form class="form-inline" asp-area="Identity" asp-page="/Users/Logout" asp-route-returnUrl="@Url.Action("Index", "Home", new { area = "" })">
                                <button type="submit" class="nav-link btn btn-link text-dark">Logout</button>
                            </form>
                        </li>
                    </ul>
                }
            }
            else
            {
                <ul class="nav navbar-nav navbar-right">
                    <li>@Html.ActionLink("Register", "Register", "Account", routeValues: null, htmlAttributes: new { id = "registerLink" })</li>
                    <li>@Html.ActionLink("Log in", "Login", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
                </ul>
            }

Following instructions from this documentaion

This correctly shows the Logout button, but pressing the button doesn't seem to trigger my action, and the user is not logged out.

Upvotes: 9

Views: 31625

Answers (2)

Vitali Karmanov
Vitali Karmanov

Reputation: 241

You can do something like this if you want to use an a tag:

<form asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="@Url.Action("Index", "Home", new { area = "" })">
    <a href="javascript:;" onclick="parentNode.submit();">
        <span>Logout</span>
    </a>
</form>

Upvotes: 1

Cristopher Rosales
Cristopher Rosales

Reputation: 476

Turns out I was simply making a mistake in my View. I was calling the wrong action in my form.

using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))

Should've been,Html.BeginForm("Logout","Users", ...)

Also, my form was sending a Post request, so my action had to be decorated with [HttpPost], like this:

[HttpPost]
public async Task<IActionResult> Logout()
{
    await HttpContext.SignOutAsync();
    return RedirectToAction("Index","Home");
}

Upvotes: 10

Related Questions