The logout.cshtml file is all a code block that surrounding an IsPost.
When testing this code my site really doesn't respond. Most importantly the WebSecurity.Logout() method. I suspect the IsPost.
If I move the WebSecurity.Logout() above the IsPost I do see processing.
Could someone explain how this is supposed to work the way it is structured?
Thanks
Dallas in Maryland.
{
WebSecurity.RequireAuthenticatedUser();
if (IsPost) {
// Verify the request was submitted by the user
AntiForgery.Validate();
// Log out of the current user context
WebSecurity.Logout();
// Redirect back to the return URL or homepage
var returnUrl = Request.QueryString["ReturnUrl"];
Context.RedirectLocal(returnUrl);
} else {
Response.Redirect("~/");
}
}
Logout method posts a form back to the server thats why its inside an IsPost block
Then in the _SiteLayout.chstml we have a form posting to this link ~/Account/Logout
<formid="logoutForm"action="~/Account/Logout"method="post">@AntiForgery.GetHtml() // injects that generated token within the form
</form>
Thanks
With Regards
Abhishek Rajiv Luv
"Helpful then please Mark as Answer"
http://www.codeabstract.com/
http://pluralsight.com/training/users/abhishekluv
The logic of the code block (as I understand) immediately heads off to the root. This IsPost code never gets invoked.
So what triggers IsPost to ever be true to logout of authentication?
}else{Response.Redirect("~/");
I removed the if/else logic and the compiler error about the Antiforgery Token. Where do you get the token?
Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery form field "__RequestVerificationToken" is not present.
Source Error:
Line 6: // if (IsPost) {
Line 7: // Verify the request was submitted by the user
Line 8: AntiForgery.Validate();
Line 9:
Line 10: // Log out of the current user context
<form id="logoutForm" action="~/Account/Logout" method="post">
@AntiForgery.GetHtml() // injects that generated token within the form
<a href="javascript:document.getElementById('logoutForm').submit()">Log out</a>
</form>
Do you have this code in your _SiteLayout.cshtml file
Thanks
With Regards
Abhishek Rajiv Luv
"Helpful then please Mark as Answer"
http://www.codeabstract.com/
http://pluralsight.com/training/users/abhishekluv
DMT20601
Member
86 Points
197 Posts
WebSecurity and Logout
Feb 26, 2013 02:46 AM|LINK
WebSecurity and Logout
I'm working with Webmatrix and the Starter Site.
The logout.cshtml file is all a code block that surrounding an IsPost.
When testing this code my site really doesn't respond. Most importantly the WebSecurity.Logout() method. I suspect the IsPost.
If I move the WebSecurity.Logout() above the IsPost I do see processing.
Could someone explain how this is supposed to work the way it is structured?
Thanks
Dallas in Maryland.
{ WebSecurity.RequireAuthenticatedUser(); if (IsPost) { // Verify the request was submitted by the user AntiForgery.Validate(); // Log out of the current user context WebSecurity.Logout(); // Redirect back to the return URL or homepage var returnUrl = Request.QueryString["ReturnUrl"]; Context.RedirectLocal(returnUrl); } else { Response.Redirect("~/"); } }Abhishek Luv
Participant
1736 Points
468 Posts
Re: WebSecurity and Logout
Feb 26, 2013 03:13 AM|LINK
Means requires Authenticated user
Validates the generated token
Logout method posts a form back to the server thats why its inside an IsPost block
Then in the _SiteLayout.chstml we have a form posting to this link ~/Account/Logout
With Regards
Abhishek Rajiv Luv
"Helpful then please Mark as Answer"
http://www.codeabstract.com/
http://pluralsight.com/training/users/abhishekluv
DMT20601
Member
86 Points
197 Posts
Re: WebSecurity and Logout
Feb 26, 2013 04:06 PM|LINK
The logic of the code block (as I understand) immediately heads off to the root. This IsPost code never gets invoked.
So what triggers IsPost to ever be true to logout of authentication?
I removed the if/else logic and the compiler error about the Antiforgery Token. Where do you get the token?
Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery form field "__RequestVerificationToken" is not present. Source Error: Line 6: // if (IsPost) { Line 7: // Verify the request was submitted by the user Line 8: AntiForgery.Validate(); Line 9: Line 10: // Log out of the current user contextAbhishek Luv
Participant
1736 Points
468 Posts
Re: WebSecurity and Logout
Feb 26, 2013 04:41 PM|LINK
<form id="logoutForm" action="~/Account/Logout" method="post"> @AntiForgery.GetHtml() // injects that generated token within the form <a href="javascript:document.getElementById('logoutForm').submit()">Log out</a> </form>Do you have this code in your _SiteLayout.cshtml file
With Regards
Abhishek Rajiv Luv
"Helpful then please Mark as Answer"
http://www.codeabstract.com/
http://pluralsight.com/training/users/abhishekluv
DMT20601
Member
86 Points
197 Posts
Re: WebSecurity and Logout
Feb 26, 2013 07:16 PM|LINK
No, not at the moment.
I put you code in the layout .... no change ... same compiler msg and an extra Log Out link for the Logout page. (no surprise)
In the Starter Site Account folder 7 of the 12 files set and check, on the same page, the AntiForgery and in all cases, it is within a Form tag.
The Logout page has no set, just check. I'm guessing AntiForgery Gethtml creates something new each time it is invoked.
How does it pass/store the token for it to be checked.
rajendraram
Participant
812 Points
258 Posts
Re: WebSecurity and Logout
Feb 26, 2013 07:21 PM|LINK
Check
http://stackoverflow.com/questions/7766975/requestverificationtoken-does-not-match
http://stackoverflow.com/questions/2206595/how-do-i-solve-an-antiforgerytoken-exception-that-occurs-after-an-iisreset-in-my