Programmatically Logging User Out of Existing Session - Front- & Back-End Development - Front- & Back-End Development - Progress Community
 Front- & Back-End Development

Programmatically Logging User Out of Existing Session

  • Programmatically Logging User Out of Existing Session
  • Hi,

    We made a login box where people enter their username/pwd and then when they click go we log them in programmatically.

    Here is the code we use:  
    SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);

    It works great, except for in one circumstance, and that is when that user is already logged in from another browser or another computer.

    If you do this via the UI,  you received the following warning:
    Someone is already using this username and password from another computer or browser. 
    To proceed, you need to log him/her off.


    If you click "Log the other user off and enter", it logs them off the other browser and logs them in to this browser.

    We would like to do the same thing, but all in code.  If they use our login window, we want to execute whatever code comes after the above warning.  We want them logged out of any other location and logged in on this browser/session.

    What code do we need to add that will make it so they get logged out of other locations?

    Ben
  • Hello Ben Alexandra,

    Can you please try using the Logout() method of SecurityManager without passing any arguments. It should log the current user out. If any problems persist, please let us know.

    Greetings,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • That will NOT do.  That is only if the user user is logged in ON that computer, but as you know, your security stores the login information in the database.

    Here's a scenario.  I login at home on one browser.  Then go to work and try to log in with the same user/password.  Your control sees I didn't logout at home and asks if I want the program to log my home account out. I say yes and then I'm logged in.

    I need to be able to do that same thing via code.  If you read my post, that's what I'm trying to do.  I am trying to automatically log out ALL other times they are logged in.
    I am NOT logged in on the browser at work.

    Bottom line, I am trying to make my own login form that has the same behavior as your login form, but does the second step programmatically (where it just logs out other sessions).

    If this isn't possible, can you please tell me how to include your login control in a template (what is the code to add the usercontrol to a .master page, and how do I add a custom template so I can style it.  I only want to do this if this isn't possible as I already have the whole thing working how I want, except my control doesn't work if they are logged in on a different browser

    Thanks and please reply ASAP.  This was posted 5 days ago

  • I really need an answer to this.  It's been almost a week and we are trying to launch this site

    Thanks

    Ben
  • I don't know why I am not getting a reply on this.  I REALLY need an answer.  It's been over a week and we are trying to launch this site

    Thanks

    Ben
  • Hi Ben Alexandra,

    The Sitefinity security  public widgets can be found in the namespace Telerik.Sitefinity.Security.Web.UI, so my registering a tag prefix like:
    <%@ Register Namespace="Telerik.Sitefinity.Security.Web.UI" Assembly="Telerik.Sitefinity" TagPrefix="sfSecPublic" %>
    you'll be able to use the LoginForm or LogoutForm widgets that we have out of the box.
    The LoginForm has a public property LayoutTemplatePath, that can be specified int he control declaration in the markup like this:
    <sfLogout:LoginForm LayoutTemplatePath="~/MyTemplate.ascx" runat="server" ID="Test"></sfLogout:LoginForm>

    Also, please find below the implementation of the LogoutCommand of our LogoutForm Logout button:
    private static void DoLogout(string navigateUrl)
           
               SecurityManager.Logout();
     
               var context = SystemManager.CurrentHttpContext;
               if (String.IsNullOrEmpty(navigateUrl))
                   navigateUrl = context.Request.Path;
     
               if (!RouteHelper.IsAbsoluteUrl(navigateUrl))
               
                   context.Response.Redirect(navigateUrl, true);
               
           


    Regards,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • Guys, this is not what Ben is asking.  Look, he is trying MANUALLY login a user in a code behind.  Before, this was easy because Sitefinity played-along nicely with the MS MemerbershipProvider:  Membership.AuthenticateUser(username, password).   In Sitefinity 4, you must use SecurityManager.AuthenticeUser(provider, username, password, persist).  Well, when you call that method sometimes you get back a result of UserLoggingReason.UserAlreadyLoggedIn.  When this result is returned, he needs to be able to logout the OTHER USER which is causing this result, and LOG IN the user making the login request.  Here is code as an example:

    var username = login.UserName;
    var password = login.Password;

    var result = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);
    if (result != UserLoggingReason.Success)

    if (result == UserLoggingReason.UserAlreadyLoggedIn)

    ====> THE CODE AFTER THIS DOES NOT WORK. WHAT TO DO?
    SecurityManager.DeleteAuthCookies();
    result = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);


  • Here is a simpler way to look at it:

    What method do you guys call when the user clicks "Logout the other user and Log Me in" on your Login control?  That is precisely what Ben needs.

  • hi,

    same problem for me too.. can you suggest me the carry out for the login page....

  • Logging out another user requires an authenticated account (SuppressSecurityChecks doesn't do the trick) so I created an admin account that only the system will use, then use it to force log out on the user

    UserManager userManager = UserManager.GetManager();
    // Log in to the admin user account
    SecurityManager.AuthenticateUser(new Credentials() UserName = "adminUserName", Password = "adminPassword" );
    // Log out the specified user
    User alreadyLoggedInUser = userManager.GetUser("userName");
    SecurityManager.Logout("Default", alreadyLoggedInUser.Id);
    alreadyLoggedInUser.IsLoggedIn = false;
    userManager.SaveChanges();
    // Log out the admin
    SecurityManager.Logout();

  • This is an old post, but thought it was helpful to save anyone else looking.  Sitefinity has added a feature to automatically logout other sessions, which is essentially what's trying to be accomplished.

     docs.sitefinity.com/administration-configure-the-self-logout-dialog-recurrence

    It would be really nice to be able to do this programmatically per instance, in case you wanted to handle certain situations different.  Sitefinity currently does this when logging into the Dashboard (you're always prompted, regardless of that setting).  Otherwise, this works like a charm when trying to implement STS.