I am using the WSFederationAuthentication module for authenticationin my site which in turn is using the Azure ACS. I can successfully login and logout of the system . We have our site setup so as soon as someone hits it and if they are not authenticated
it transfers to a Secure Token Service website which does the authentication. The issue comes when I select the remember me checkbox checked and logout it logs me out and then tries to transfer me to the login page but it thinks I am already logged in and
automatically logs me back in. I am thinking its not clearing the authentication cookies in or the information present in the header which does not get properly clear when I logout.
Can someone please look at the code and give me some idea on how to resolve this issue.
Note: It is only happening in IE . Firefox and Chrome are working as expected.
WSFederationAuthenticationModule authModule = FederatedAuthentication.WSFederationAuthenticationModule;
//clear local cookie
authModule.SignOut(true);
// initiate federated sign out request to the STS
SignOutRequestMessage signOutRequestMessage = new SignOutRequestMessage(new Uri(authModule.Issuer), authModule.Realm);
String queryString = signOutRequestMessage.WriteQueryString();
if (!string.IsNullOrEmpty(queryString))
{
return new RedirectResult(queryString);
}
else
{
return RedirectToAction("Index", "Home");
}
Also something very weird is that even if the isPersistent is sent to false but the remember me checkbox is checked chrome and firefox seem to store the password somehow.
var principal = CreatePrincipal(userName, authenticationMethod, additionalClaims);var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(ttl))
{
IsPersistent = isPersistent
};
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
Can someone please help me with this and let me know what I am doing wrong.
Thanks