If you’ve just fought through an update from ASP.NET v.Next beta whatever to beta 6 and now you’re staring down the last few red squiggled lines only to come across this little gem about SignOut no longer existing, I can help you get back to signing out in just a few steps.

 

image

 

AuthenticationManager

In this beta, it appears that the sign out functionality has been moved into AuthenticationManager.  Luckily, you have one of these already attached to your Context in the form of Context.Authentication.  So, the first thing you’ll need to do is replace your calls to Context.Response.SignOut() to instead call Context.Authentication.SignOutAsync().  You’ll want to also make the appropriate updates for async and such.  My original example above then becomes this instead:

 

Sign Out – but not really
  1. [HttpGet]
  2. public async Task<IActionResult> LogOff()
  3. {
  4.     if (Context.User.Identity.IsAuthenticated)
  5.     {
  6.         var authority = String.Format(_config.Get(“AzureAd:AadInstance”), _config.Get(“AzureAd:Tenant”));
  7.         var authContext = new AuthenticationContext(authority, new TokenCache());
  8.         authContext.TokenCache.Clear();
  9.         await Context.Authentication.SignOutAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
  10.         await Context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationType);
  11.     }
  12.     return RedirectToAction(“Index”, “Home”);
  13. }

 

This gets you past the compiler and, if you run the above, you’ll find that it doesn’t give you any errors at runtime.  But, it also doesn’t log you out.  In fact, it does the opposite of that…it just drops you on your home page still logged in. This is NOT a feature!

What Now – I Just Want to Sign Out?

I killed several hours trying all manner of crazy chants and incantations to make this work again, but nothing seemed to work. I always ended up right back on my home page with all my rights intact.  I finally gave in and asked on Stack Overflow and Hao Kung, a developer on the ASP.NET team, pointed me in the direction of a similar issue that he resolved for another developer and that solution worked for me!  I should have known that it would end up being a timing issue based on the level of effort I poured into it with no reward the previous night.  In the end, it turns out that the trick is to remove the Redirect and simply return void.  As Hao explains, prior to this beta the call to SignOut was not async and it won the race and pre-empted the Redirect.  Now that SignOut (renamed SignOutAsync) is async, it does not win the race and the Redirect happens instead of the SignOut.

The final method corrected for beta 6 (that actually does log the user out) then simply becomes this:

 

Sign Out
  1. [HttpGet]
  2. public async Task LogOff()
  3. {
  4.     if (Context.User.Identity.IsAuthenticated)
  5.     {
  6.         var authority = String.Format(_config.Get(“AzureAd:AadInstance”), _config.Get(“AzureAd:Tenant”));
  7.         var authContext = new AuthenticationContext(authority, new TokenCache());
  8.         authContext.TokenCache.Clear();
  9.         await Context.Authentication.SignOutAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
  10.         await Context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationType);
  11.     }
  12. }

 

That’s What Makes New Bits Fun

We’ve been rewriting our internal time and attendance system using vNext and Angular and we’re enjoying the challenge of the new paradigms and the usual bleeding-edge alpha and beta bumps of new bits and this time around we even get to look around in the baker’s source code while they bake it!  We’re excited about this tighter integration of open source tools with many of the Microsoft tools and platforms we’ve been working with and helping teams with for years, but it’s definitely a bit tough to get your head around at first.  If we can help your team with getting ready for ASP.NET vNext, please reach out to us at consulting@wintellect.com.