I need to distinguish between a logout from a button, which has a SignOutAsync method call and an actual session expire. Is there a way we can do that?

This is what I have at the moment:

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        // Adds a cookie for the browser to remember
        .AddCookie(options =>
        {
            options.LoginPath = "/signin";
            options.LogoutPath = "/signout";
            options.AccessDeniedPath = "/forbidden";
            options.SlidingExpiration = true;
        });

The signout method

    [HttpGet]
    public async Task<IActionResult> SignOut()
    {
        // Other code
        await httpContext.SignOutAsync();

        // Redirects him/her to the home route
        return Redirect((HttpContext.Request.Scheme +
                         "://" +
                         HttpContext.Request.Host +
                         HttpContext.Request.Path.ToString() +
                         HttpContext.Request.QueryString).Replace(HttpContext.Request.Path.ToString(), "/" + global.Portal.Name + "?so=1"));
    }

And among other things, this is what I have at the moment to try and distinguish:

    if (_httpContext.User.Identity.IsAuthenticated)
        await this.UserIdentitySignOutAsync(_httpContext, _context);
    else if (_httpContext.Request.Path.Value.ToLower().Contains("/signin"))
        Feedback = new Feedback() { Message = "Your session has expired.", IsValid = false };

Of course, this is not going to work because there are multiple origins and I want to show different messages depending on the signin outcome. But the important thing here I need to know is if there is any way to distinguish between the two.

I mean... Because at this point the cookie has already been cleared and we don't have any information about what happened to it.

If there is a way to make out that difference, please tell me. I'll happily receive it.

Thanks for any help.

taiko

1 Answer

I found the answer. I had to add an event OnRedirectToLogin and managed to find a workaround by setting a session string and getting/setting its value.

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        // Adds a cookie for the browser to remember
        .AddCookie(options =>
        {
            options.LoginPath = "/signin";
            options.LogoutPath = "/signout";
            options.AccessDeniedPath = "/forbidden";
            options.SlidingExpiration = true;
            options.Events = new CookieAuthenticationEvents()
            {
                OnRedirectToLogin = op =>
                {
                    // Only flag the redirect when it did not come from the sign-out route ("?so=1")
                    if (op.Request.Query["so"].Count == 0)
                        op.HttpContext.Session.SetString("RedirectToLogin", true.ToString());
                    op.Response.Redirect(op.RedirectUri);

                    return Task.FromResult(0);
                }
            };
        });

And then...

    if (_httpContext.User.Identity.IsAuthenticated)
        await this.UserIdentitySignOutAsync(_httpContext, _context);
    else
    {
        var value = _httpContext.Session.GetString("RedirectToLogin");
        bool.TryParse(value, out bool redirectToLogin);

        if (redirectToLogin)
        {
            Feedback = new Feedback() { Message = "Your session has expired.", IsValid = false };
            _httpContext.Session.SetString("RedirectToLogin", false.ToString());
        }
    }

And that did it... :)

taiko
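
A variation on the workaround above, as an added example that is not part of the original answer: it wires up the session services the `RedirectToLogin` flag depends on and sets the flag only when the request still carries the auth cookie, instead of relying on the `so` query parameter. It assumes the ASP.NET Core 6+ minimal hosting model; the `/private` endpoint and the response texts are hypothetical.

```csharp
// Added example (not the poster's code). Assumes ASP.NET Core 6+ with implicit usings.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDistributedMemoryCache();   // backing store for the session flag
builder.Services.AddSession();
builder.Services.AddAuthorization();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/signin";
        options.LogoutPath = "/signout";
        options.SlidingExpiration = true;
        options.Events = new CookieAuthenticationEvents
        {
            OnRedirectToLogin = ctx =>
            {
                // SignOutAsync deletes the auth cookie, while an expired ticket in a
                // non-persistent cookie is still sent by the browser. A first-time
                // visitor sends no cookie either, so neither case is flagged as expired.
                if (ctx.Request.Cookies.ContainsKey(ctx.Options.Cookie.Name!))
                    ctx.HttpContext.Session.SetString("RedirectToLogin", bool.TrueString);
                ctx.Response.Redirect(ctx.RedirectUri);
                return Task.CompletedTask;
            }
        };
    });

var app = builder.Build();
app.UseSession();          // must run before the challenge that fires OnRedirectToLogin
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/signin", (HttpContext http) =>
{
    // Read the flag once and clear it so the message is shown a single time.
    var expired = http.Session.GetString("RedirectToLogin") == bool.TrueString;
    http.Session.Remove("RedirectToLogin");
    return Results.Text(expired ? "Your session has expired." : "Please sign in.");
});
app.MapGet("/signout", async (HttpContext http) =>
{
    await http.SignOutAsync();
    return Results.Redirect("/signin");
});
app.MapGet("/private", () => "secret").RequireAuthorization();
app.Run();
```

The cookie check only works for non-persistent auth cookies: a persistent cookie is dropped by the browser once its expiry date passes, so the request then looks the same as one made after an explicit sign-out.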