Introduction
When you work with Forms Authentication, the expected behaviour when you call FormsAuthentication.Signout()
is that Http.Current.Request.IsAuthenticated
will return false
.
You are wrong.
Using the Code
FormsAuthentication.SignOut();
When you check this:
bool isAuthenticated = Request.IsAuthenticated;
the result is always true
.
It's not what we expect when signout is performed.
Fix the Issue
To fix it after signout process, you need to assign new user like below:
FormsAuthentication.SignOut();
HttpContext.Current.User =
new GenericPrincipal(new GenericIdentity(string.Empty), null);
The new GenericPrincipal
with GenericIdentity
is assigned to user in current context. New identity with empty name and null
as authentication type.
Then it works!
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.