How to Logout a User in ASP.NET Identity

Back to: ASP.NET MVC Tutorial For Beginners and Professionals

How to Logout a User in ASP.NET Identity

In this article, I am going to discuss How to Logout a User in ASP.NET Identity. Please read our previous article, where we discussed How to Get the Current Logged in User Id in ASP.NET Identity.

How to Logout a User in ASP.NET Identity?

In order to log out a user in ASP.NET Identity, we need to use the SignOut method.

SignOut Method:

The SignOut method is used to sign out a user by passing the appropriate authentication type as a parameter to this method as follows.

AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

DefaultAuthenticationTypes

Multiple authentication types can be passed to the SignOut method based on the used sign-in cookies in your application. If you go to the definition of DefaultAuthenticationTypes, then you will see that it is a static method that is used to define different constants as follows:

The meaning of each default authentication type is as follows:

1. ApplicationCookie: Default value for the main application cookie used by UseSignInCookies.
2. ExternalCookie: Default value used for the ExternalSignInAuthenticationType configured by UseSignInCookies.
3. ExternalBearer: Default value used by the UseOAuthBearerTokens method.
4. TwoFactorCookie: Default value for authentication type used for two-factor partial sign-in.
5. TwoFactorRememberBrowserCookie: Default value for authentication type used for two-factor remember browser.

AuthenticationManager

The SignOut method is called by the AuthenticationManager instance, which we can get from the OWIN context. We access the Authentication property to get the AuthenticationManager from the OWIN context as follows.

IAuthenticationManager AuthenticationManager = HttpContext.GetOwinContext().Authentication;

Once we get the AuthenticationManager instance, we can call the SignOut method by passing the appropriate DefaultAuthenticationTypes as follows.

AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

Namespaces:

In order to use the DefaultAuthenticationTypes static class and the IAuthenticationManager object, you have to include the following namespaces:

using Microsoft.AspNet.Identity;

using Microsoft.Owin.Security;

In the AccountController class, ASP.NET Identity already implemented the LogOff method as follows.

Note: The OWIN AuthenticationManager.SignOut method is analogous to FormsAuthentication.SignOut method is used by the FormsAuthentication module in Web Forms.

So, basically, this action method is going to be invoked whenever the user clicks on the logoff button. Instead of using the above action method, or if you are working on a project in which the default code is not provided for log-off, then you also create a method as follows. So, comment on the existing LogOff action method and then add the following LogOff Post Action method, and it should work as expected.

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
    IAuthenticationManager AuthenticationManager = HttpContext.GetOwinContext().Authentication;

    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

    return RedirectToAction("Index", "Home");
}

In the above code, we get the authentication manager from the OWIN context by accessing the Authentication property and then we use the SignOut method in order to sign out the logged-in user. We then redirect the user to the Home Page after the completion of the sign-out operation.

Note: The [ValidateAntiForgeryToken] attribute is used to prevent the forgery of a request.

In the next article, I am going to discuss How to Lockout a User Account in ASP.NET Identity. Here, in this article, I try to explain How to Logout a User in ASP.NET Identity. I hope you enjoy this How to Logout a User in ASP.NET Identity article.