Last post Mar 12, 2018 06:46 AM by Brando ZWZ
Mar 11, 2018 12:02 PM|RateFor|LINK
I'm porting from SQL membership to identity.
In SQL membership, I had a folder that was restricted to users in a certain role ("zRedRole"). I did this by putting the following web.config in that folder:
This did not work in IDENTITY. As part of testing, I did a 'logout' which calls:
and then I went to the home page, and clicked a link to try to access pages in the folder that is meant only for users who are associated with the role "zRedRole". I should have been immediately be directed to the login page when this happened, but instead,
the website tried to display the restricted page.
Why is the page not blocked? Why doesn't a web.config that does the job in SQL Membership also do the job in IDENTITY? Or is it possible I'm not signed out?
Ooops - just found the answer - cannot use IdentityHelper.signout, but can use:
Public Shared Sub Logout()
Dim authenticationManager = HttpContext.Current.GetOwinContext().Authentication
Mar 12, 2018 06:46 AM|Brando ZWZ|LINK
I'm glad to find you solve the issue by yourself.
As your codes shows, we will use HttpContext.Current.GetOwinContext().Authentication to get the Authentication middleware functionality available on the current request.
Then we will call the IAuthenticationManager.SignOut Method (AuthenticationProperties, String) to add information to the response environment that will cause the appropriate authentication middleware to revoke any claims identity associated
the the caller.
IAuthenticationManager.SignOut Method (AuthenticationProperties, String)
Details codes like this: