
Saturday, March 1, 2014

Sign Out from STS in ASP.NET web application

This post is related to my last post about the Claims Provider from an IP-STS. The STS was used by an ASP.NET web application that required single sign-out. But even after calling Session.Abandon() and FormsAuthentication.SignOut(), users were still logged in to the STS.

After some looking around I found the answer on Stack Overflow. The problem was that Session.Abandon() and FormsAuthentication.SignOut() were clearing the user's cookies and session state, but the STS token was never cleaned up. Use this code to complete the sign-out process:

// System.IdentityModel.Services is the WIF namespace in .NET 4.5
// (the WIF 3.5 equivalent is Microsoft.IdentityModel.Web).
using System;
using System.IdentityModel.Services;

WSFederationAuthenticationModule fam =
    FederatedAuthentication.WSFederationAuthenticationModule;

// wtrealm identifies this application (the relying party) to the STS.
string wrealm = string.Format("wtrealm={0}", fam.Realm);

// Build the passive sign-out URL: issuer + wa=wsignout1.0 + wtrealm.
string signOutUrl =
    WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(
        fam.Issuer, null, wrealm);

// wreply: where the STS sends the browser once the token is cleaned up.
string wreply = Request.Url.AbsoluteUri;

// Redirect the browser to the STS sign-out URL; the STS then sends it back to wreply.
WSFederationAuthenticationModule.FederatedSignOut(
    new Uri(signOutUrl), new Uri(wreply));


You can paste this code into your logout handler and it will clean up the STS token. After logout the STS will redirect the browser to the URL set by “wreply”, which can be set to any URL. You don’t need to set this parameter; if it is null, the STS will redirect to the default application page set during STS configuration.

This routine sends a “wsignout1.0” command to the STS to clean up the token for the user. Here is the sign-out URL:

http://localhost:8888/?wa=wsignout1.0&wtrealm=http%3a%2f%2flocalhost%3a58077%2f&wreply=http%3a%2f%2flocalhost%3a58077%2fdefault.aspx
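As an added illustration (not code from this post or from WIF), here is a Python sketch of both sides of that wsignout1.0 message: the relying-party side that builds the sign-out URL shown above, and an STS side that parses it and only honours wreply when it points back into the registered realm, so the STS does not become an open redirector. The registered-realm set and that check are assumptions about how an STS might be written, not something this post's STS is known to do.

```python
from typing import Dict, Optional, Set
from urllib.parse import parse_qs, urlencode, urlsplit

SIGNOUT_ACTION = "wsignout1.0"

# The sign-out URL quoted in the post above (the relying party runs on :58077, the STS on :8888).
POST_SIGNOUT_URL = ("http://localhost:8888/?wa=wsignout1.0"
                    "&wtrealm=http%3a%2f%2flocalhost%3a58077%2f"
                    "&wreply=http%3a%2f%2flocalhost%3a58077%2fdefault.aspx")


def build_signout_url(issuer: str, wtrealm: str, wreply: Optional[str] = None) -> str:
    """Relying-party side: the passive sign-out URL the browser is redirected to."""
    params = {"wa": SIGNOUT_ACTION, "wtrealm": wtrealm}
    if wreply:
        params["wreply"] = wreply
    sep = "&" if urlsplit(issuer).query else "?"
    return f"{issuer}{sep}{urlencode(params)}"


def parse_signout_request(url: str) -> Dict[str, str]:
    """STS side: extract wa / wtrealm / wreply; a repeated parameter is rejected."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    out: Dict[str, str] = {}
    for key in ("wa", "wtrealm", "wreply"):
        values = query.get(key, [])
        if len(values) > 1:
            raise ValueError(f"duplicate {key} parameter")
        if values:
            out[key] = values[0]
    return out


def validate_signout_request(url: str, registered_realms: Set[str]) -> Optional[str]:
    """STS side: return the URL to send the browser to after clearing the token,
    or None if the request must be refused. wreply is accepted only when its
    scheme and host:port match the registered wtrealm (assumed policy)."""
    params = parse_signout_request(url)
    if params.get("wa") != SIGNOUT_ACTION:
        return None
    realm = params.get("wtrealm")
    if realm not in registered_realms:
        return None
    reply = params.get("wreply")
    if reply is None:
        return realm  # no wreply: fall back to the realm's root (stands in for the configured default page)
    r, w = urlsplit(realm), urlsplit(reply)
    if (w.scheme.lower(), w.netloc.lower()) != (r.scheme.lower(), r.netloc.lower()):
        return None
    return reply
```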


Hope this helps.

-Javed
